Skip to main content
Solved

Edit usr_id in IAM

DenisaViulet
Sidekick
Forum|alt.badge.img+2

Hello! 

I am trying to edit an usr_id for an IAM user and the patch request from the http connector fails. I have also tried to call the “task_rename_usr_general” in a process or a task, but it returns an error: “"not_authorized_usr_admin"”. I have to mention that if I want to execute the exact same task manually from IAM, it works, it just fails if I try to call it externally (in a SF process/task or in the SSMS). Do you have any idea what could be the problem or if I should try another approach?

Best answer by Vincent Doppenberg

Hello @DenisaViulet,

Are you experiencing this problem in a tool like Postman or Insomnia? If so, please be aware that cookies override the Basic Authorization header. In other words, if you perform a request when authenticated as user1 and then change your authentication to user2, your next request will still be authenticated as user1, because user1 never logged out.

In a user interface, you would not be able to see the login screen if you have an existing session, you would have to log out first to start a new one. The easiest way to do this in Postman or Insomnia is simply deleting your cookies.

I hope this helps.

View original
Dave Bieleveld Starcode
1 person likes this
  • Dave Bieleveld Starcode
    Dave Bieleveld Starcode
Did this topic help you find an answer to your question?
This topic has been closed for comments

3 replies

Jeroen van den Belt
Administrator
Forum|alt.badge.img+9

Hi @DenisaViulet,

This error occurs when you don't have the administrative rights to delete the current user.

As you can see, this is determined by calling the function dbo.is_authorized_usr_admin. This functions performs several checks. Based on your role, it can return that you are authorized to change the user, or not. See this example:

The first 2 checks, but there are more checks

I don't know how familiar you are with SQL, but since you know what roles you have, perhaps it is an option that you debug this function yourself?

For now, I don't have an explanation for the difference in behavior when executing the rename task in IAM or externally. In the case of externally, are you sure that the parameters are filled in exactly the same way as in IAM?

DenisaViulet
Sidekick
Forum|alt.badge.img+2
  • DenisaViuletSidekick
  • Author
  • Sidekick
  • 11 replies
  • December 6, 2023

Hello! That is exactly how we debugged it. We think that maybe the session_context has something to do with it because is not setting as it should. Do you know how are we supposed to set it?

 

V
Moderator
Forum|alt.badge.img+4

Hello @DenisaViulet,

Are you experiencing this problem in a tool like Postman or Insomnia? If so, please be aware that cookies override the Basic Authorization header. In other words, if you perform a request when authenticated as user1 and then change your authentication to user2, your next request will still be authenticated as user1, because user1 never logged out.

In a user interface, you would not be able to see the login screen if you have an existing session, you would have to log out first to start a new one. The easiest way to do this in Postman or Insomnia is simply deleting your cookies.

I hope this helps.

Ricky
1 person likes this
  • Ricky
    Ricky
Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings