Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
When attempting to execute a Talend Management Console (TMC) task using a Service Account via the Talend Management Console API, users may encounter an HTTP 403 Forbidden response—even if the Service Account is correctly configured.
When attempting to execute a task using the Processing API endpoint:
POST https://api.<region>.cloud.talend.com/processing/executionsthe API returns:
{ "status": 403, "requestId": "5303a858-8849-4572-ad37-4ce42c077c41", "message": "Forbidden" }
This issue typically arises when the necessary permissions for task execution are not granted prior to generating the service account token, or when the service account lacks specific functional permissions pertaining to task execution.
Observed behavior
The token generated via:
POST /security/oauth/token
is valid.
The Service Account permissions appear to include:
TMC_ENGINE_USE
TMC_ROLE_MANAGEMENT
TMC_SERVICE_ACCOUNT_MANAGEMENT
AUDIT_LOGS_VIEW
TMC_USER_MANAGEMENT
TMC_CLUSTER_MANAGEMENT
According to the documentation Using a service account to run tasks | Qlik Help Center, the Service Account must possess either TMCENGINEUSE or TMC_OPERATOR permissions; however, even with these permissions, the execution still fails.
Resolution
Step 1: Assign "Tasks and Plans – Edit" Permission
Navigate to Talend Management Console→ Users & Security → Service Accounts, and ensure the Service Account has the permission: Tasks and Plans – Edit
Step 2: Regenerate the Service Account Token
After updating permissions, regenerate service account Token.
This ensures that the token contains the updated permission set. Subsequently, rerunning the task via the API will work.
