• State Suggested Answer
  • Locked Locked
  • Replies 27 replies
  • Answers 3 answers
  • Subscribers 95 subscribers
  • Views 15596 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

unable to create PersonWantsOrg via RESTApi

Kevin.Gorton
over 6 years ago 
We try a Post request to the PersonWantsOrg table with the following example body:
{
    "values": {
        "UID_Org": " 5c490797-b3ae-47c5-b2da-f1bc0e9ab675",
        "UID_PersonInserted":"8e93db71-7dc8-4f7f-bb2e-66c1951e85a3",
        "UID_PersonOrdered": "8e93db71-7dc8-4f7f-bb2e-66c1951e85a3",
        "OrderReason":"Test request via api"
    }
}

but receive the following error:
{
    "responseStatus":{
        "message":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point."},
        "errorString":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point.",
        "exceptions":[{"number":2133173,"message":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point."}]
    }
}

We verified the same request can be made by the user in ITShop.  and the person logged into the API has a System user of viAdmin assigned to it.   

Parents
  • 0 over 5 years ago

    Please check that no other request for the same product for the user exists currently. If another request already exists you are not allowed to request it again. This happens easily if you always test with the same combination of product and recipient.

Reply
  • 0 over 5 years ago

    Please check that no other request for the same product for the user exists currently. If another request already exists you are not allowed to request it again. This happens easily if you always test with the same combination of product and recipient.

Children
  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    We tried a couple different users,  and verified there were no requests out there already. Same results.

  • 0 over 5 years ago in reply to Kevin.Gorton

    In regards to the authentication, so you end up with a person that has viadmin assigned as Person.DialogUser. Correct?

    But you verified the in the IT Shop that the user itself is able to request the products in question. Correct?

    Last question (should be the first but forgot to ask), what version of OneIM are you using?

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Sorry. Should have already stated the version in my question.   we are on 7.1.2

    And yes you are correct on your other statements.

  • 0 over 5 years ago in reply to Kevin.Gorton

    I strongly believe that you are not allowed to insert the request on behalf of others as the person using the viadmin user. You can verify this by trying to insert an entry into PersonWantsOrg in the ObjectBrowser using the same authenticator settings as for your ReST calls. I believe it will fail as well.

    If so, then your system user needs to have the flag IsServiceAccount set. And no, you cannot set the flag for viadmin.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    so we have a copy of viAdmins as dcgsAdmin all permissions are checked in permissions Group Editor, made sure that is not a dynamic user, and is listed under system users,  We just assigned that to the user instead of viAdmin,  and tested again.  still same error.

  • 0 over 5 years ago in reply to Kevin.Gorton

    Sorry. I'll have to correct my post. The flag is called IsServiceAccount that has to be set at the system user.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Markus.  Thank you again for your reply.   We have checked the isServiceAccount checkbox,  committed, and compiled.   and we are still receiving the same error.

    Although we logged into object browser, and non of the DCGS_User Permissions seem to be there either.    Troubleshooting that and readdressing.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Please note our end goal is to enable a process (via web interface) that a user can perform self-service on requesting access (like in ITShop). IE a non-priv user should be able to make a request. I would not expect a regular user to be flagged as a service account. What is the process/correct method, via the API, for a regular user to be able to make such a request? I assumed, the above API call could be made by any authenticated user. What permissions are required to make a new request? It appears that ITShop does it via direct SQL commands. How can, if at all, this be done via the API? If the call has to be made from a privileged service account, that is ok, just need to know what those privileges look like as everything we have tried has failed. 

  • 0 over 5 years ago in reply to joshua fellers

    The above API call can be made by any authenticated user for himself, if the normal request requirements are fulfilled (Receiver of the requested product needs to be a member of the shop the product is requested from, if the product is not multi-requestable the receiver is not allowed to have the product assigned already, ...).

    The ootb Web Portal is using the object layer as all other tools.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Just as an addition.

    I re-created your sample in my 8.0.1 and 7.1.3 test environments and was able to insert a new request for myself (means for the logged in user) over the REST API without any special permissions and without any error.

    Thing is, as I have said before, you will get the error message from your initial thread entry if the same product is already assigned for the recipient or if another approval process for the same product has already been started.