RingCentral Forwarding Number API `ReadUserForwardingFlipNumbers` permission - roles

When I try the RingCentral Get Forwarding Number API:
GET /restapi/v1.0/account/{accountId}/extension/{extensionId}/forwarding-number
I get this error:
{
"errorCode" : "CMN-408",
"message" : "In order to call this API endpoint, user needs to have [ReadUserForwardingFlipNumbers] permission for requested resource.",
"errors" : [ {
"errorCode" : "CMN-408",
"message" : "In order to call this API endpoint, user needs to have [ReadUserForwardingFlipNumbers] permission for requested resource.",
"permissionName" : "ReadUserForwardingFlipNumbers"
} ],
"permissionName" : "ReadUserForwardingFlipNumbers"
}
I don't see this permission in the Online Account Portal (https://service.ringcentral.com), even under the Super Admin role. How can I resolve this and access this API?

ReadUserForwardingFlipNumbers is a user permission that is configured in the Online Account Portal. The user's assigned role needs to have the following corresponding permission in the Online Account Portal:
User Settings > Messages & Notifications
You can see this in the Online Account Portal under:
Users > Roles > {Role Name}
For example:
You can verify if your user has this permission by calling the following endpoint:
GET /restapi/v1.0/account/{accountId}/extension/{extensionId}/authz-profile
This will return a JSON object with a permissions property with an array of permissions. This permission looks like the following:
{
"permission": {
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/permission/ReadUserForwardingFlipNumbers",
"id": "ReadUserForwardingFlipNumbers",
"assignable": false,
"readOnly": false,
"siteCompatible": "Independent"
},
"effectiveRole": {
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/user-role/3",
"id": "3"
},
"scopes": [
"Self"
]
},

Related

Why I'm getting a 403 (Insufficient Permission) error on Google Workspace Admin SDK?

When I try to access Admin SDK API I get this error:
XHRGEThttps://admin.googleapis.com/admin/directory/v1/users?customer=some_custumer
[HTTP/3 403 Forbidden 220ms]
Even passing a API_KEY (&key=my_api_key), the same happens.
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Insufficient Permission",
"domain": "global",
"reason": "insufficientPermissions"
}
],
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "ccc.hosted.frontend.directory.v1.DirectoryUsers.List",
"service": "admin.googleapis.com"
}
}
]
}
}
Header:
www-authenticate
Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/directory.user https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/apps.directory.user.readonly https://www.googleapis.com/auth/directory.user.readonly https://www.googleapis.com/auth/cloud-platform"
I've configured my app on Google Console. Configured the authentication and scopes like this scopes. I've also configured domain-wide-delegation in Admin Console. I'm expecting to list all Workspace users through this API, but I got this error.
The OAuth works fine.
I am not sure what you are using but here you have my assumptions:
If you are using OAuth, you will need to use a user with enough
privileges to list your users (a super admin account for example)
If you are using a service account, besides allowing wide domain
delegation you need to implement impersonation in your code, that
way you will specify which account the service account will
impersonate to make the API call. So, it is very important to
impersonate an account with enough permissions
If you have any questions please let me know

BigQuery Python API - Not able to authenticate using user

I have a project owner permission on bigquery. And I able to create/delete/insert records into bigqquery table from UI.
However, when I am trying from Python, I am getting following error.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.bigquery.v2.JobService.ListJobs",
"service": "bigquery.googleapis.com"
}
}
]
}
}
Following is my code
def insert_data():
client = bigquery.Client()
job_config = bigquery.LoadJobConfig(
write_disposition=bigquery.WriteDisposition.WRITE_TRUNCATE,
source_format=bigquery.SourceFormat.CSV,
skip_leading_rows=1,
)
uri = " gs://xxx/csv_files/csv_test.csv"
table_id="xxx.Gaurang.csv_data"
load_job = client.load_table_from_uri(
uri, table_id, job_config=job_config
) # Make an API request.
load_job.result() # Waits for the job to complete.
You must authenticate when you use Google's libraries; Cloud Console and gcloud authentication does not extend transparently to code using the libraries.
Google's documentation is comprehensive and an example is here:
https://cloud.google.com/bigquery/docs/reference/libraries
Generally code run as a Service Account; the Service Account provides an identity and -- with Google Cloud services -- IAM provides roles/permissions based access, see BigQuery: access control with IAM.
Google provides a mechanism called Application Default Credentials that facilitates running code as a Service Account.

Github GraphQL API V4: INSUFFICIENT_SCOPES

When I query GitHub's GraphQL API with the following:
query RetrievePackagesAssociatedWithRepo($repo: String!, $owner: String!) {
repository(name: $repo, owner: $owner) {
packages(packageType: NPM, first: 10) {
edges {
node {
id
name
packageType
}
}
}
}
}
I received an error stating:
{
"errors": [
{
"type": "INSUFFICIENT_SCOPES",
"locations": [
{
"line": 6,
"column": 11
}
],
"message": "Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:packages'], but your token has only been granted the: ['read:gpg_key', 'read:org', 'read:public_key', 'read:repo_hook', 'repo', 'user'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens."
},
I followed the link https://github.com/settings/tokens and added the necessary permissions.
I tried to Authorizing a personal access token for use with SAML single sign-on but, the SSO button to enable is not present.
development settings token
Documentations I Followed: Creating Personal Token! | Authorizing Personal Token!
After trying out theses methods, the same error message persists "Your token has not been granted the required scopes".
My goal, through Github's API, is to retrieve packages associated with its repository.
Is there something I'm missing.

Mimecast API authentication issue

trying to connect to endpoint with all needed headers defined:
https://us-api.mimecast.com/api/login/login.
Error message receieved : 0018 Client update required
Did anyone encounter/solve this issue?
{
"meta": {
"status": 401
},
"data": [],
"fail": [
{
"key": {
"username": "datadash#itprosusa.com",
"tokenType": "key",
"verifyOnly": false
},
"errors": [
{
"code": "err_xdk_client_update_required",
"message": "0018 Client update required",
"retryable": false
}
]
}
]
}
I came across the same error message when trying to get Access key and Secret Key. You can actually get these in the Mimecast portal UI by going to: Administration | Services | APIĀ Applications, then Add API Application fill in the details and wait 30 minutes. After 30 minutes click on your newly created API application and select Create Keys, fill in the required information and it will provide you with your Access key and Secret key used for API calls.
If this doesn't answer your question or help you I would suggest getting in contact with Mimecast Support, they are usually pretty good!

Error when moving Azure storage account to another resource group

I wanted to move Azure storage account from one resource group to another (both in the same subscription). I issued command like this:
Get-AzureResource -Name storage1 -ResourceGroupName RG-Test | Move-AzureResource -DestinationResourceGroupName Test01
but got error:
Move-AzureResource : {
"Error": {
"Code": "104",
"Message": "Resources '/subscriptions/<guid>/resourceGroups/RG-Test/providers/Microsoft.Storage/storageAccounts/storage1' could not be moved. The tracking Id is
'cf831a76-983d-4b0a-924f-437ad75fc5e3'",
"Target": null,
"Details": [
{
"Code": "0",
"Message": "{\"error\":{\"code\":\"HttpResourceNotFound\",\"message\":\"No HTTP resource was found that matches the request URI
'https://globalxls.storage.azure.com:443/subscriptions/<guid>/resourceGroups/RG-Test/moveResources?api-version=2015-05-01-preview'.\"}}",
"Target": "Microsoft.Storage/storageAccounts",
"Details": null
}
]
}
}
The resource exists - I verified the first command returns the resource.
What can I do to move the storage account? The problem occurs for "Storage account" (with the green icon), not for "Storage account (classic)" with the blue icon in management portal.
Ok, verified - storageAccounts don't support the move api just yet.