AnsweredAssumed Answered

Rest API Querying group membership error

Question asked by Grant Bruneau Champion on Jan 22, 2016
Latest reply on Aug 4, 2016 by Sensiple

Hi Community!


We have an odd issue regarding using the REST API to query for group membership. In this scenario, we have an application which correctly logs in using the PIN-Use validation type and acquires the access key (e.g. https://rest-server/caisd-rest/rest_access). It then successfully looks up the current user's details (e.g. https://rest-server/caisd-rest/cnt?WC=userid%3D'user-id') and retrieves the group_list attribute. However, when trying to lookup the group membership properties to find out the name of the group of which the user is a member (e.g. https://rest-server/caisd-rest/grpmem/?WC=member%3DU%27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%27), the REST Server returns a 401: Unauthorized error with the message "This operation requires Function Access for 'group' equal to 'View or Modify'." This shows up as below in the jrest.log:

01/22 11:32:06.058 [http-bio-8050-exec-3] ERROR SDMCRUDServiceImpl 1660 This operation requires Function Access for 'group' equal to 'View or Modify'. {http://rest-server/caisd-rest/grpmem/?WC=member%3DU%27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%27}

We have created a specific Access Type and Role for application users.  The access type is setup with PIN-Use validation and the Licensed? checkbox is checked.  The role attached to this access type has all available functional access set to Modify, including Contact and Group.  However, application users configured with the mentioned access type and role are unable to query group membership.  When using our the ServiceDesk user for the process, the grpmem query succeeds. We have been unable to determine what permissions or other settings need to be modified to give the application user permission to query the grpmem and group objects. We have also tried this process manually via tools like the Advanced REST Client Chrome application ( with the same result.


Any help is appreciated!  Thanks!