Pega API - POST Assignment{ID} Role Privileges

General
, , , ,
1

We would like to make use of Out of the Box API capability in Pega Platform.

One challenge we have is around the Access Roles for the API user.

Administrator role gives access we need, but when we use a user will less privilege, we get an error on the POST Assignments{ID} which is:

“ID”: “Pega_API_012”,

“message”: “Unauthorized access for the given parameter ID”,

“pxObjClass”: “Pega-API-Error”

We also do not get the actions returned in the GET Assignments{ID} request, which we do as Administrator:

“actions”:

We would expect to see:

“actions”: [ { “ID”: “MyFlowAction”, “name”: “MyFlowAction”, “pxObjClass”: “Pega-API-CaseManagement-Action”, “type”: “Assignment” }]

The assignment is in the worklist of the authenticated operator, and the actionid is the flow action name, which works perfectly with the MyApp:Administrator Access Group, but not the MyApp:PegaAPI Access Group.

What privileges or configuration is needed on a “Principle of Least Privilege” approach for this API user?

2

If anyone comes across this question with a similar issue, I have resolved this myself.

The Access Role that the API calling operator requires must have the following defined:

@baseclass Read Instances: 5 Write Instances: 5

Hope this helps someone who had same issue as me!

:slight_smile:

3

Thanks @JamesR61 for sharing your resolution and marking it as the solution!

This will help many others in the future who have the same question as you!

4

@JamesR61

Where do I need to add the Baseclass with the read and write Instances ?

at the Available Roles, for the xxx:API oder xxx:ApplicationRole ?

5

@SinanH45

In the xxx:PegaAPI role.

Like this:

image_comment_843311_1.png
image_comment_843311_1.png1978×106 15.3 KB

image_comment_843311_1.png
image_comment_843311_1.png1978×106 15.3 KB