SAP Knowledge Base Article - Public

3746703 - Error "403 forbidden Authenticated user is not permitted to perform the requested operation" occurred when using APIs to run or get logs of Task Chain from SAP Datasphere

Symptom

Error "403 forbidden  Authenticated user is not permitted to perform the requested operation" occurred when using below APIs to run or get logs of Task Chain:

https://<tenant_url>/api/v1/datasphere/tasks/chains/<space_id>/run/<objectid>

https://<tenant_url>/api/v1/datasphere/tasks/logs/<space_id><logid>

https://<tenant_url>/api/v1/datasphere/tasks/logs/<space_id>/objects/<objectid>

Environment

SAP Datasphere

Reproducing the Issue

  1. Create an OAuth client configured with "API Access" purpose.
  2. Use the OAuth client in the third part tools, like Postman and use APIs to run or get logs of Task Chain:

    https://<tenant_url>/api/v1/datasphere/tasks/chains/<space_id>/run/<objectid>

    https://<tenant_url>/api/v1/datasphere/tasks/logs/<space_id><logid>

    https://<tenant_url>/api/v1/datasphere/tasks/logs/<space_id>/objects/<objectid>

  3. Error occurs.

Cause

API to run or get logs of Task Chain cannot be executed by the OAuth Client with the "API Access" purpose. More information is available here:
Create OAuth2.0 Clients to Authenticate Against SAP Datasphere

Resolution

Create and use an OAuth client with the "Technical User " purpose: 

Create an OAuth2.0 Client with a Technical User Purpose

See Also

Managing Tasks via the REST API

Keywords

KBA , DS-API , SAP Datasphere APIs , DS-SEC-AUTN , Authentication: SSO/SAML, OAuth Client , Problem

Product

SAP Datasphere all versions