Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Does the users API support sending multiple roles on a user create post call? The documentation only shows an example with one name in assignedRoles.
Sure. Example body:
{
"name": "John Smith",
"email": "john.smith@corp.example",
"picture": "https://corp.example/docs/jsmith.png",
"subject": "1234asdasa6789",
"assignedRoles": [
{
"name": "Developer"
},
{
"name": "TenantAdmin"
}
]
}
@Levi_Turner thanks for the response. Do you know if the role ID is required in the post call?
No, just the role name. The above call results in this:
(the other roles are auto-assigned by the system, which is optional, of course).
@Levi_Turner I was taking a closer look at the image you sent and noticed a lot of roles showing in the permissions overview. Why does the permissions overview not just say "tenant admin" and "developer"? There are lost of other permissions listed like "autoML contributor" and "automation creator", etc. Are those defaults for every user?
For this tenant? Yes. We've set it up so that everyone who logs in get those roles.
You're obviously able to change that to your requirements.
@Levi_Turner sorry for one more question. We're getting a 403 error:
The traceId for the error in the json body returned
a2e44e1bdbf445f5d676197e063dc385
Can you provide any guidance on a root cause of this type of error? Where could we be missing permissions?
403 is a post-authentication denial for permission reasons, so your user (who created the API key or the Oauth identity) isn't authorized to perform this action.
@Levi_Turner we decided to manage roles in the QMC and not send roles from Okta. Management falls to the Qlik admin instead of our access team but that's okay for us. Thanks for your comments on this post.