Can't assign iam:groups:read policy to oauth2 client

DaveOps
Contributor

Can't assign the `iam:groups:read` policy to an OAuth2 client in order to get a bearer token via SSO that allows me to interact with the `/platform/iam/v1` API.

Received the following response:

 

```json
{
    "error": {
        "code": 403,
        "message": "User not authorized."
    }
}
```

 



Please advise.

3 REPLIES

Patryksp
Observer

Hi,

Could you please provide the request that you executed?

Best Regards
Patryk

DaveOps
Contributor

 

 

 

GET https://{environmentid}.apps.dynatrace.com/platform/iam/v1/organizational-levels/environment/tkx85859/groups?partialGroupName=poc&pageSize=1000 403
290 ms
GET /platform/iam/v1/organizational-levels/environment/tkx85859/groups?partialGroupName=poc&pageSize=1000 HTTP/1.1
Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJzdWIiOiIyOTQxMDc1Yi1lYjM0LTQwZmYtYTE3MC01M2M1NjIyYWVjNDciLCJyZXMiOiJ1cm46ZHRhY2NvdW50OmNmYmU0ZGRmLWZkOTktNDU4ZS1iMmE2LWJkNDQ5OTRlZmQxMSIsIl9jbGFpbV9uYW1lcyI6eyJncm91cHMiOiIwIn0sInByZWZlcnJlZF91c2VybmFtZSI6IjI5NDEwNzViLWViMzQtNDBmZi1hMTcwLTUzYzU2MjJhZWM0N0BzZXJ2aWNlLnNzby5keW5hdHJhY2UuY29tIiwiZ3QiOiJjYyIsImludCI6ZmFsc2UsImF1ZCI6ImR0MHMwMi5ZTllLRlI1SCIsInNjb3BlIjoiYWNjb3VudC1lbnYtcmVhZCBhY2NvdW50LWlkbS1yZWFkIiwiX2NsYWltX3NvdXJjZXMiOnsiMCI6eyJlbmRwb2ludCI6bnVsbH19LCJleHAiOjE3MjYxNDg5NjQsImlhdCI6MTcyNjE0ODY2NCwianRpIjoiNjZkMWMzMmItZTBkYS00ZDg1LWE4MWItNmZiMTFhNDY3NzNlIiwiZW1haWwiOiIyOTQxMDc1Yi1lYjM0LTQwZmYtYTE3MC01M2M1NjIyYWVjNDdAc2VydmljZS5zc28uZHluYXRyYWNlLmNvbSJ9._obETzSjgLjpCivGhSeA4GO2Rb1UH9tXlovKyqUB7GCpwmTieVILER1TpqykMwh_Dr44XcP1exDXGEiPb7_PKw
User-Agent: PostmanRuntime/7.41.2
Accept: */*
Cache-Control: no-cache
Postman-Token: 4c14a859-de4a-4bb2-9db2-515a08350d6b
Host: tkx85859.apps.dynatrace.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AWSALB=HsIT5W022Crk334QBTqgjGr1P1C1OWh8AHF1cJMEYjlhljzpzLS2MVsH+JrjPGRVtithHfwKELtbFLjDWGW+pKBlEu659oqIGMrqm6vSMOzBu9p5HswhqF1PCjDe; AWSALBCORS=HsIT5W022Crk334QBTqgjGr1P1C1OWh8AHF1cJMEYjlhljzpzLS2MVsH+JrjPGRVtithHfwKELtbFLjDWGW+pKBlEu659oqIGMrqm6vSMOzBu9p5HswhqF1PCjDe
 
HTTP/1.1 403 Forbidden
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
date: Thu, 12 Sep 2024 13:44:50 GMT
content-type: application/json
content-length: 55
set-cookie: AWSALB=LZuDggOsubvZC5njtw6JCIpkchUnewTFivwz1lPERu4pNHdTT/TVuGqDPjizUY8LI0vMxBrvh6JDt1y3/zm3O8zP6lKmO8bJhOf9jdoSmDaXddsqgC2y7pLWnfdN; Expires=Thu, 19 Sep 2024 13:44:50 GMT; Path=/
set-cookie: AWSALBCORS=LZuDggOsubvZC5njtw6JCIpkchUnewTFivwz1lPERu4pNHdTT/TVuGqDPjizUY8LI0vMxBrvh6JDt1y3/zm3O8zP6lKmO8bJhOf9jdoSmDaXddsqgC2y7pLWnfdN; Expires=Thu, 19 Sep 2024 13:44:50 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=31536000
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
dynatrace-response-source: Service
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
traceresponse: 00-0f2113aef68326bccb3bc02310b4e92b-443eccf561ea5e80-01
x-dt-tracestate: 67e0a59d-8e83bf33@dt
 
{"error":{"code":403,"message":"User not authorized."}}
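Added example, not part of the original thread and not Dynatrace code: when a bearer-token call returns 403, decoding the token's claims shows which scopes it actually carries, so they can be compared with the permission the request was expected to have (`iam:groups:read` in the question). The sample token, its scope and audience values, and the `triage_403` helper are constructed for illustration; the signature is deliberately not verified.

```python
import base64
import json
import time


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str) -> dict:
    """Return JWT payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def triage_403(token: str, required_scopes, now=None) -> dict:
    """Compare what the token grants with what the caller expected it to grant."""
    claims = decode_jwt_claims(token)
    # OAuth2 access tokens carry scopes as one space-separated string.
    granted = set(str(claims.get("scope", "")).split())
    now = time.time() if now is None else now
    return {
        "granted": sorted(granted),
        "missing": sorted(set(required_scopes) - granted),
        "expired": "exp" in claims and now >= claims["exp"],
        "audience": claims.get("aud"),
    }


def _make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token (not the token from the post).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256", "typ": "JWT"}), enc(claims), "c2ln"])


SAMPLE = _make_sample_token({
    "scope": "account-env-read account-idm-read",  # constructed sample scopes
    "aud": "sample-client",                         # constructed audience
    "iat": 1700000000,
    "exp": 1700000300,
})

if __name__ == "__main__":
    print(triage_403(SAMPLE, ["iam:groups:read"], now=1700000100))
```

A non-empty `missing` list means the scope was never granted when the token was issued, which points at the client's scope configuration rather than at the API call itself.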

 

 

 

Hi @DaveOps 

You can validate the current configuration with the IAM team against the provided documentation URL for step-by-step instructions:

Regards,

Peter.
