Access to User.get as a Developer


I am part of the developer admin group. I noticed that I have access to fetch on the User type but, I can’t do use the get function on the type. Shouldn’t I be able to access that function if I can do a fetch on User?


I would assume these are the same permission levels but you can check using the Authorizer C3 type:

// Is the current user authorized to execute the given action?
Authorizer.isAuthorized('User', 'get')    // should return true
Authorizer.isAuthorized('User', 'fetch')  // should return true

// Get the Authorization Action Group for given action.
Authorizer.actionGroup('User', 'get')   // should return "read"
Authorizer.actionGroup('User', 'fetch') // should return "read"

// Get the list of roles that are authorized to invoke given action.
Authorizer.actionAuthzRoles('User', 'get')
Authorizer.actionAuthzRoles('User', 'fetch')

I checked and Authorizer.isAuthorized(‘User’,‘get’) returns false. I am part of these roles: [DefaultAccessRole, DeveloperRole]


Authorizer.actionAuthzRoles(‘User’, ‘get’) does return DeveloperRole as a role that has access.


If you run

Authorizer.actionPermissions('User', 'get', '<tenant>', '<tag>')

You will get an ActionPermissions result, which contains a list of ActionPermissions in there. An ActionPermission specifies what condition a user is allowed to do something on (read more at http://<environment-url>/api/1/<tenant>/<tag>/documentation/topic/access-control.c3doc)

One (or several) of those action conditions should be related to DeveloperRole - check the condition under that. If the condition is something like (1 == 1) then you got some other issue, but if it’s something else then you need to satisfy that condition


I ran that command and I only see one action condition (1==1) under the DeveloperRole. So, it seems like we have some other issue.