Solved

Edit usr_id in IAM

  • 5 December 2023


Hello! 

I am trying to edit a usr_id for an IAM user and the PATCH request from the HTTP connector fails. I have also tried to call the “task_rename_usr_general” in a process or a task, but it returns an error: "not_authorized_usr_admin". I have to mention that if I execute the exact same task manually from IAM, it works; it just fails if I try to call it externally (in a SF process/task or in SSMS). Do you have any idea what could be the problem or if I should try another approach?


Best answer by Vincent Doppenberg 6 December 2023, 15:24



3 replies


Hi @DenisaViulet,

This error occurs when you don't have the administrative rights to delete the current user.

As you can see, this is determined by calling the function dbo.is_authorized_usr_admin. This function performs several checks. Based on your role, it can return that you are authorized to change the user, or not. See this example:

The first 2 checks, but there are more checks

I don't know how familiar you are with SQL, but since you know what roles you have, perhaps it is an option that you debug this function yourself?

For now, I don't have an explanation for the difference in behavior when executing the rename task in IAM or externally. In the case of externally, are you sure that the parameters are filled in exactly the same way as in IAM?


Hello! That is exactly how we debugged it. We think that maybe the session_context has something to do with it, because it is not being set as it should. Do you know how we are supposed to set it?

 


Hello @DenisaViulet,

Are you experiencing this problem in a tool like Postman or Insomnia? If so, please be aware that cookies override the Basic Authorization header. In other words, if you perform a request when authenticated as user1 and then change your authentication to user2, your next request will still be authenticated as user1, because user1 never logged out.

In a user interface, you would not be able to see the login screen if you have an existing session; you would have to log out first to start a new one. The easiest way to do this in Postman or Insomnia is simply deleting your cookies.

I hope this helps.
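
The cookie-over-header behaviour described in the answer above, reproduced as an added example that is not part of the original thread and not Thinkwise code. It assumes a constructed local server (the `Handler` class, the `USERS` accounts and the `sid` cookie name are all hypothetical) that prefers an existing session cookie over the Basic Authorization header, and a client that keeps a cookie jar the way Postman or Insomnia does.

```python
import base64, http.cookiejar, secrets, threading, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {"user1": "pw1", "user2": "pw2"}  # constructed test accounts
SESSIONS = {}                             # session id -> user name

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in API: a live session cookie wins over the Basic header."""
    def do_GET(self):
        morsel = SimpleCookie(self.headers.get("Cookie", "")).get("sid")
        user, new_sid = SESSIONS.get(morsel.value if morsel else None), None
        if user is None:  # no live session: fall back to the Authorization header
            scheme, _, token = self.headers.get("Authorization", "").partition(" ")
            name, _, pw = base64.b64decode(token).decode().partition(":")
            if scheme != "Basic" or USERS.get(name) != pw:
                self.send_error(401)
                return
            user, new_sid = name, secrets.token_hex(16)
            SESSIONS[new_sid] = user
        self.send_response(200)
        if new_sid:
            self.send_header("Set-Cookie", f"sid={new_sid}; Path=/; HttpOnly")
        self.end_headers()
        self.wfile.write(user.encode())  # body = identity the server acted as
    def log_message(self, *args):        # silence per-request logging
        pass

def whoami(opener, base, user):
    """Send Basic credentials for `user`; return the identity the server reports."""
    token = base64.b64encode(f"{user}:{USERS[user]}".encode()).decode()
    req = urllib.request.Request(base, headers={"Authorization": f"Basic {token}"})
    with opener.open(req) as resp:
        return resp.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/"
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
    first = whoami(opener, base, "user1")  # creates user1's session cookie
    stale = whoami(opener, base, "user2")  # user2's header, but user1's cookie is sent
    jar.clear()                            # same effect as deleting cookies in the client
    fresh = whoami(opener, base, "user2")  # header is now honoured
    server.shutdown()
    return first, stale, fresh

if __name__ == "__main__":
    print(demo())
```

The middle value is the one to check for when an authorization error appears only for external calls: the request carries user2's credentials, yet the server still evaluates it as user1.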