Forbidden.action error while calling user provising API

dchouksey89 · February 8, 2023, 3:26pm

Hi Experts,

I want to disabled to user via API. I have API key and organization id which using as authentication. I am getting forbidden.action error while calling API via postman.

Could you suggest me the fix here?

API URL:

https://api.atlassian.com/users/<account_id_to_disable>/manage/lifecycle/disable

Error:

{
    "key": "forbidden.action",
    "context": {
        "allowed": false,
        "reason": {
            "key": "xxxxxxxxx"
        }
    },
    "errorKey": "forbidden.action",
    "errorDetail": {
        "allowed": false,
        "reason": {
            "key": "xxxxxxxx"
        }
    }
}

Reference:
The User management REST API REST API (atlassian.com)

sunnyape · February 9, 2023, 3:14am

Hello @dchouksey89

Did you use the Get user management permissions endpoint first, to confirm that the lifecycle.enablement response was True to know that you have the permission to disable that user?

As it says in the Deactivate a user endpoint documentation, if you get a forbidden.action error, that means “You are authenticated but do not have the authority to take this action.”

dchouksey89 · February 9, 2023, 7:52am

Hi @sunnyape ,

I don’t have this permission but how to enable this permission. I am the both org and site admin but still not able to find option to enable lifecycle.enablement permission.

Any steps?

 "lifecycle.enablement": {
        "allowed": false,
        "reason": {
            "key": "xxxxx"
        }
    },

sunnyape · February 9, 2023, 8:26am

So, it was just a permissions problem.

You haven’t said what steps you have taken to narrow the problem down yourself, such as…

Have you re-generated an new org admin API token?
Have tried that newly re-generated token to see if the results are different?
Have you asked others in your organisation who are also org admins to try their API tokens?
When you login to the Admin GUI at admin.atlassian.com what options are on or off for your org admin account?
When you view a regular user’s account via the Admin GUI, can you manually disable their account that way?
Does the problem happen for all users or only some users?
Are those users manually added to your environment or synced via a third party account integration tool?

etc, etc, etc

Work your way through the problem methodically and eliminate the known factors.

Good luck.