Sometimes I get this error while pulling data from Google Analytics.
"code":403,"message":"User does not have sufficient permissions for this profile."
This error occurs only for some profile IDs.
How can I fix this?
The user you are authenticating with must have access to the profile id you are trying to request data from.
403 insufficientPermissions Indicates that the user does not
have sufficient permissions for the entity specified in the query. Do
not retry without fixing the problem. You need to get sufficient
permissions to perform the operation on the specified entity.
I would check your code or have it write out the profile id that is causing you a problem. You may have mistyped it.
Note: You can also get this error if the user's access in Google analytics was removed.
Related
Afternoon all
Trying to get a logic app to run a query on a log analytics workspace and email the results on a weekly basis. Created a service principal, and have given it Reader access at Subscriptions level and I'm allowed to create the connection, but when I try to populate the drop down in Designer, it's throwing with an error:
Could not retrieve values. Error executing the api '/listSubscriptions'. Client request id: 'undefined'
As seen here: https://imgur.com/a/CDp1g6L
I was following this guide, and it's failing to populate those list boxes:
https://thomasthornton.cloud/2020/11/09/log-analytics-queries-to-csv-emailed-using-azure-logic-apps
Tried temporarily giving it permissions as subscription Owner, same deal. Also the same error with the logic app's own System Managed Identity. Got it to work in a different subscription by using my global admin ID, but I don't want to do that as it's of course dependent on that account and it's way too privileged.
I also tried editing in the correct values in code view, just in case it was only some enumeration error, but the test run fails with:
"Message": "Failed to get valid request parameters. Authorization Error
In my other subscription, I also tried giving the account permissions at the root Tenant level, in case it was purely unable to evaluate all subscriptions, but no joy, same error when using Managed Identities or Service Principals.
I'm at a loss. Any ideas?
I have the exact same issue as this question, however it looks like OP dropped off from troubleshooting.
I am accessing this endpoint:
GET https://graph.microsoft.com/v1.0/users/[UPN]/drive/
However the response is lacking the quota property (and an empty owner property):
{
"#odata.context":
"https://graph.microsoft.com/v1.0/$metadata#drives/$entity",
"id": "[ID]",
"driveType": "business",
"owner": {
"user": {}
}
}
I can confirm via http://jwt.calebb.net/ that the Files.Read.All permission scope is applied to the application (in fact, I've ticked every box in the Azure app).
The token is being generated at the tenant level using the tenant's Account Object Id (ie, not on the user level).
Based on some quick testing using the Microsoft Graph Explorer:
https://graph.microsoft.io/en-us/graph-explorer
It appears to me that the result you are getting (with an empty owner property, and lacking quota) is a result of the fact that you do not have access to another person's drive information.
Specifically if we try the following query, using the Demo Tenant Available by the Graph Explorer:
https://graph.microsoft.com/v1.0/me/drive
I get all the data you are looking for. Even if I specifically call out the UPN of the demo user:
https://graph.microsoft.com/v1.0/users/alexd#a830edad9050849NDA1.onmicrosoft.com/drive
It works. However, if I try to query ANOTHER user:
https://graph.microsoft.com/v1.0/users/admin#a830edad9050849NDA1.onmicrosoft.com/drive
I get exactly what you posted above.
You should make sure that you are logged into the user account which you would like to query their Drive's quota information. I believe this will fix your issue.
EDIT:
I just noticed in your question that you mention you are getting an App Only Token. My guess is that this information is not available at the App Only Level, and again, requires a user to be signed in to get their specific drive information. I might need to follow up to understand if that is really a requirement here. But I hope you can, in the meantime, verify the fact that using a user token, you are able to resolve the drive information about that user.
I am trying to get data from Netsuite using RESTlet. For that, i am using the following details in PHP:
Consumer Key
Consumer Secret
Script Id
Deploy Id
Access Token Id
Access Token Secret
At first time of using these details, i got that error is Invalid login attempt.
I found why it is coming , because of the following any one or all of the wrong details.
Consumer Key
Consumer Secret
Access Token Id
Access Token Secret
After giving correct details it works fine and i stored all these details in DB. I didn't change anything. But after few days i am getting the same error.
I want to know whether the access token will expire after some days or why the error is coming.
I recently had similar issue, everything worked on my machine, but fail with same exception on the test server. Carefully debugged and saw that timestamps for generating request access token are with 12 min difference.
After synching times everything went fine. So even token definitions in NetSuite doesn't expires, timestamps for generating request tokens must be in 'some' time-window with time in the NetSuite environment.
Too bad that SuiteAnswers (https://netsuite.custhelp.com/app/answers/detail/a_id/44241/kw/44241) doesn't mention anything about time.
If you are trying to access a RESTlet through Token Based Authentication (TBA) and are receiving the INVALID_LOGIN_ATTEMPT error and the login audit detail is permission_denied, then the following may work.
Ensure that the role:
Isn't an administrator type role
Doesn't have the Web Services Only Role checked
Also double check that your related integration has the TOKEN-BASED AUTHENTICATION checked.
Note: to check your audit trail detail, go to Setup > Users/Roles > View Login Audit Trail, check USE ADVANCED SEARCH, and be sure to add Detail as a result column.
In my case I was getting the account id from the URL which is lowercase, while it should be upper case.
I was testing on a sandbox and sb1 should be xxxxxx-SB1 on the URL and Realm should be xxxx_SB1
Finally I found the answer for 403 error in my case, I changed the time offset with my standard CST time zone, and repost, it worked.
If you found this 403 error and have been trying every ways, check the time on your machine
If you are using user credentials for RESTlet Authentication ensure that the role in use doesn't have the web services only Role checked.
It has to ensure the token (Token ID) matches the proper Application on the Netsuite side.
Setup -> Integration -> Manage Integrations
I have created a custom module. In my module two user groups are there, i.e Admin and user. Administrator can able to save records. When user is logged in and trying to save record, it is giving access error. But i have added access right for every model for user. Even though it is showing access error.
I agree you add access rights,but may somewhere else this user haven't rights of other object, so in that case user also can not save because of access rights.
can you show me in image or in more detail?
This question has been raised before here, but I am getting the same issue, despite being added as a co-admin under my account. The previous question does not make it clear as to what the fix was to get it working, hence me asking again.
I am trying to get a list of users using the following GET request:
https://api.box.com/2.0/users
I am setting the Authorization header with a valid access token. However, when I make the request I get back a 403 Forbidden error, with the message "The request requires higher privileges than provided by the access token".
Just to prove the tokens are correct, I am able to get my own user information using the https://api.box.com/2.0/users/me API, which return a JSON object with my information.
So my question is, is there anything else I need to do/configure to get this working?
In order to give your access tokens enterprise-level privileges, you must enable the Manage an Enterprise scope in your Box application.