cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error triggering workflow

yuesong_teh
Observer

Hi,

My end encountered error below when trying to trigger workflow:

yuesong_teh_1-1679282928526.png

Error: Forbidden
Error Description: IAM policy condition does not match

 

Upon checking on the authorization setting, seems like my role doesn’t have sufficient permission to modify it:

yuesong_teh_2-1679283093484.png

 

Attached the policy assigned to my account, perhaps there is any rule related to workflow missing out that I am not aware off?

 

Thanks in advance for the reply.
Regards,
Teh

6 REPLIES 6

s_eilmsteiner
Dynatrace Enthusiast
Dynatrace Enthusiast

I think you miss:

'automation:workflows:run'
 'automation:workflows:write'

Hi s_eilmsteiner,

Thanks for your response.
Had added both rule under policy but no luck.

Regards,
Teh

michal_zawislak
Dynatrace Helper
Dynatrace Helper

Could you please open developer tools in your browser and go to the "Authorization Settings" view and show the response to the 

 platform/iam/repo/environment/<tenant>/bindings/...

 For me, it looks like you're missing "iam:bindings:*" permissions.

Senior Software Engineer @ Dynatrace

Hi Michal,

Thanks for your response.
Not sure if I get you correctly, but I didn't see any here:

yuesong_teh_0-1679317838644.png

Didn't see authorization setting available.

And yeap, still having this error message:

yuesong_teh_1-1679317910883.png

 

I believe it is something to with the policy rule.
Wondering if there is any documentation that I can refer to sort out the missing rules?

Thanks.
Regards,
Teh

Hi Teh,
We have found a missing piece on our side (an internal policy binding was not there). Now, you should be able to run workflows without any problems. Could you please confirm that?

Please also make sure that you consent to at least "Primary Permissions" in the "Authorization Settings" (top right) in the Workflow app. 

michal_zawislak_0-1679556247392.png

 

Senior Software Engineer @ Dynatrace

Hi Michal,

Good news, it is working now!!!
Big thanks.

Regards,
Teh