I am part of the developer admin group. I noticed that I have access to fetch on the User type but, I can’t do use the get function on the type. Shouldn’t I be able to access that function if I can do a fetch on User?
I would assume these are the same permission levels but you can check using the
Authorizer C3 type:
// Is the current user authorized to execute the given action? Authorizer.isAuthorized('User', 'get') // should return true Authorizer.isAuthorized('User', 'fetch') // should return true // Get the Authorization Action Group for given action. Authorizer.actionGroup('User', 'get') // should return "read" Authorizer.actionGroup('User', 'fetch') // should return "read" // Get the list of roles that are authorized to invoke given action. Authorizer.actionAuthzRoles('User', 'get') Authorizer.actionAuthzRoles('User', 'fetch')
I checked and Authorizer.isAuthorized(‘User’,‘get’) returns false. I am part of these roles: [DefaultAccessRole, DeveloperRole]
Authorizer.actionAuthzRoles(‘User’, ‘get’) does return DeveloperRole as a role that has access.
If you run
Authorizer.actionPermissions('User', 'get', '<tenant>', '<tag>')
You will get an
ActionPermissions result, which contains a list of
ActionPermissions in there. An ActionPermission specifies what condition a user is allowed to do something on (read more at
One (or several) of those action conditions should be related to
DeveloperRole - check the condition under that. If the condition is something like
(1 == 1) then you got some other issue, but if it’s something else then you need to satisfy that condition
I ran that command and I only see one action condition (1==1) under the DeveloperRole. So, it seems like we have some other issue.