Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

API Permission Denied Group Membership

Within ETM I'm able to create/save/edit etc. test artefacts using the browser interface, but when attempting to access them (GET) via the API with the same account, I get a Permission Denied - "Your account does not have the group memberships required to access the requested resource".


Similarly, trying to access via the integration service in a browser window I get this error. E.g. on /testcase, where otherwise I'd expect an XML list of all entries.

I have JAZZUser repository permission and within the project area, the XML Import/Export permissions.

Struggling to find a reason for the discrepancy between web and API call permissions.
- Are there specific server back end settings/options which need to be enabled to allow API calls?
(Version 7.0.3)

Thanks

Update:
It's more a question on any relevant server configurations and why permission could be rejected in one and not the other.

This is initially just using the 'RQMUrlUtility' Java tool to test if the process worked.
I've had success previously on a different development server, but I don't have server admin access to compare.
Really just looking for pointers on what the admin can look for, as they're similarly confused.

I've provided it the same user details and url via integration service as below (un/pw/proj removed).

java -Dcom.ibm.team.repository.transport.client.protocol="TLSv1.2" -jar RQMUrlUtility.jar -command GET -user -password -filepath .xml -url "https://matrix-qm.almuk-prod.group.intra/qm/service/com.ibm.rqm.integration.service.IIntegrationService/resources//testcase/urn:com.ibm.rqm:testcase:2116"

Tested with and without the applicable -configURI option.

0 votes

Comments

If you have access to an item using the Web UI, you should have access using APIs. You need to be authenticated and you need to provide the correct headers if you use an HTTP/REST API.
If you ask API questions you should provide examples for the request as well as all headers.

Further details added to original question.


Are 'group memberships' different to Jazz repository permission and team member roles?

Would the team hierarchy affect access? I have fewer permissions (just Author, though with the XML added) at the top level, but broader permissions within my team which the ETM artefacts are linked to.



One answer

I have not worked with the RQMUrlUtility. You can however find the documentation for the APIs here https://jazz.net/wiki/bin/view/Deployment/ELMProductAPILanding . The API you want is the Reportable REST API https://jazz.net/wiki/bin/view/Main/RqmApi . I would check if your request would work based on that. Check the request headers etc.

I usually use a REST Client for Firefox (mine is called RESTClient, but there are others) that allows me to use the Web UI to authenticate and share the session. Then I create the GET or whatever request. It is a lot easier to see what happens and you do not have to deal with an application in addition.

Group membership usually means the repository role. You need one like JazzUser to be able to access the repository. You also usually need to have a role in the project area. This controls the permissions you have.

I have seen "Your account does not have the group memberships required to access the requested resource" in various contexts:
1. API calls with incorrect headers
2. Authentication issues
3. LDAP or local user management issues

I would consider it to be the first. You need an Accept header: https://jazz.net/wiki/bin/view/Main/RqmApi#Headers

I have experimented with the EWM Reportable REST API. Some of that should also apply to the ETM API. There are some additional posts around API usage. https://rsjazz.wordpress.com/2022/03/02/ewm-reportable-rest-api/ and check the documentation. Try the simplest request first with a Firefox REST Client. If you know how the authentication works, you can also use Postman. Once you have a working call, use that with the RQMUrlUtility.

0 votes
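Added example (not part of the thread and not IBM's or the answerer's code): a Python function that sorts one denied request/response pair into the three causes the answer lists, so the request headers are ruled out before the account or LDAP setup is questioned. The function name `triage`, the sample values and the `application/xml` Accept value are assumptions; `X-com-ibm-team-repository-web-auth-msg` is the Jazz form-authentication response header, which the thread does not mention.

```python
# Added example. All sample requests and responses below are constructed.
AUTH_MSG = "x-com-ibm-team-repository-web-auth-msg"  # Jazz form-auth response header
DENIED = "does not have the group memberships required"  # message quoted in the question

def triage(req_headers, resp_headers, body):
    """Map one request/response pair to the answer's three causes, in order."""
    req = {k.lower(): v.strip() for k, v in req_headers.items()}
    resp = {k.lower(): v.strip() for k, v in resp_headers.items()}
    causes = []
    # 1. API call with incorrect headers: no explicit Accept header was sent.
    if req.get("accept", "") in ("", "*/*"):
        causes.append("headers")
    # 2. Authentication: nothing identifying the user was sent, or the server
    #    answered with its form-auth challenge instead of the resource.
    sent_identity = "cookie" in req or "authorization" in req
    if not sent_identity or resp.get(AUTH_MSG) in ("authrequired", "authfailed"):
        causes.append("authentication")
    # 3. Only when the request itself looks right does the denial point at the
    #    account: repository role or LDAP/local user management (admin side).
    if DENIED in body and not causes:
        causes.append("user-management")
    return causes

# Constructed body carrying the message from the question.
DENIED_BODY = ("Your account does not have the group memberships "
               "required to access the requested resource")

if __name__ == "__main__":
    samples = [
        ({"Cookie": "JSESSIONID=constructed"}, {}, DENIED_BODY),
        ({"Accept": "application/xml"},  # assumed Accept value
         {"X-com-ibm-team-repository-web-auth-msg": "authrequired"}, ""),
        ({"Accept": "application/xml", "Authorization": "Basic constructed"},
         {}, DENIED_BODY),
    ]
    for req, resp, body in samples:
        print(sorted(req), "->", triage(req, resp, body) or ["no finding"])
```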

Question asked: 22 hours ago

Question was seen: 56 times

Last updated: 17 hours ago
