You do not have permission to access this Request Type (JSM)

When making a request as an app (on the backend) to the following REST API endpoint:

/rest/servicedeskapi/servicedesk/${projectKey}/requesttype?expand=field

I sometimes see (on some customer instances) the following error (403 response code):

{"errorMessage":"You do not have permission to access this Request Type.","i18nErrorMessage":{"i18nKey":"sd.admin.requestfield.edit.error.nopermission","parameters":[]}}

It happens pretty rarely, but if it happens, then the app is basically broken for such unlucky customers. I’m unable to reproduce it. Does anyone know what kind of permissions the app might be missing?

The application has BROWSE_PROJECTS permissions.


One clue is that when trying to access a particular request type by ID as the app user, the following error is thrown:

You don't have permission to view this portal

How do I add such a permission for the app user, and why is it missing in the first place?

I am still unable to reproduce this issue, and it is still affecting my customers. Is there anyone here that could help?

You can check a couple of things:

  • Depending on your app framework (Forge/Connect/3LO) you can check the required app permissions for the given API. I was not able to find the API that you are referring to in https://developer.atlassian.com/cloud/jira/service-desk/rest/intro/#about. Can you share the doc link for the API?

  • In the case of a Connect app, verify that you are creating the JWT using the appropriate app_key, shared_secret and URLs.

  • If you are using user impersonation, then verify that the impersonated user has appropriate permission to the requested objects. In this case the app’s access to BROWSE_PROJECTS won’t really matter.

  • 403 is also seen in some rare scenarios where the problem may not be directly related to actual permissions but related to the license itself. Check if the JSM license for the given site is valid.
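For the Connect JWT check in the list above, an added example (not part of the original reply and not Atlassian's code) that builds and self-checks a token for the request-type endpoint from this thread. Connect's `qsh` claim binds the token to the method, path and query (`expand=field`); the app key, shared secret and service desk id used with it are constructed values, and the function names are hypothetical.

```javascript
// Added example: claim names follow Atlassian Connect's JWT scheme (iss, iat, exp, qsh).
// Function names are hypothetical; inputs passed in are constructed test values.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// RFC 3986 percent-encoding (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Canonical request: METHOD&path&sorted-query. The path is relative to the
// tenant base URL; the "jwt" query parameter itself is never included.
function canonicalRequest(method, path, query = {}) {
  const qs = Object.keys(query).filter((k) => k !== 'jwt').sort()
    .map((k) => `${enc(k)}=${[].concat(query[k]).map(enc).sort().join(',')}`)
    .join('&');
  const uri = (path.replace(/\/+$/, '') || '/').replace(/&/g, '%26');
  return `${method.toUpperCase()}&${uri}&${qs}`;
}

const qsh = (method, path, query) =>
  crypto.createHash('sha256').update(canonicalRequest(method, path, query)).digest('hex');

// HS256 token signed with the shared secret received at install time.
function signJwt(appKey, sharedSecret, method, path, query, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = b64url(JSON.stringify({
    iss: appKey, iat: now, exp: now + 180, qsh: qsh(method, path, query), // short-lived
  }));
  const sig = crypto.createHmac('sha256', sharedSecret).update(`${header}.${claims}`).digest();
  return `${header}.${claims}.${b64url(sig)}`;
}

// Self-check before sending: returns a list of problems (empty means consistent).
function checkJwt(token, appKey, sharedSecret, method, path, query, now = Math.floor(Date.now() / 1000)) {
  const [h, c, s] = token.split('.');
  const expected = crypto.createHmac('sha256', sharedSecret).update(`${h}.${c}`).digest();
  const given = Buffer.from(s || '', 'base64url');
  const problems = [];
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) problems.push('signature');
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  if (claims.iss !== appKey) problems.push('iss');
  if (claims.exp <= now) problems.push('exp');
  if (claims.qsh !== qsh(method, path, query)) problems.push('qsh');
  return problems;
}
```

Running `checkJwt` against the exact method, path and query about to be sent shows whether a token was signed for a different URL (for example without `expand=field`) or with a stale secret.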

Hi, I’ve also encountered the same problem. Here is an endpoint that returns this error.
I have a Connect plugin where I fetch request types for particular Service Desk project like so:

AP.request({
	url: `/rest/servicedeskapi/servicedesk/${serviceDeskId}/requesttype?expand=field`,
	type: 'GET',
	contentType: 'application/json',
	success: function(response) {
		// request types for the service desk arrive here
	},
	error: function(error) {
		// the 403 described in this thread arrives here
	}
})

So I’m trying to access this resource using user permission. And it works only when I log in as ORG Admin. I tried to add a trusted user (not org admin) to administrators in the service desk project, but it returns the error described in this thread.