When connecting to my organizational AGOL account via the Python API, I have found lately that while the login appears to succeed, I do not have the same level of access to my items that I have when accessing them through the AGOL browser interface or ArcGIS Pro.
Setup
First, I import my packages:
from arcgis.gis import *
from IPython.display import display
My organizational account must be authenticated via OAuth 2.0. I have followed the instructions here for authenticating with OAuth 2.0. I have created an application called Python and used the following code to log in.
gis = GIS("https://{{ MY_ORG }}.maps.arcgis.com", client_id='{{MY_APP_ID}}')
print("Successfully logged in as: " + gis.properties.user.username)
This appears to work with no problem as there are no errors returned and the following statement is printed:
Successfully logged in as: {{ MY USERNAME }}
However, problems arise when I try to access any of my items. Note, by "my items" I mean those for which I am the item owner. For the sake of example, let's say I try to access an item by its item number:
item = gis.content.get('{{SOME ITEM ID}}')
display(item)
This throws the following error:
You do not have permissions to access this resource or perform this operation.
---------------------------------------------------------------------------
RuntimeError Traceback (most recent call last)
<ipython-input-3-faf871f03a5b> in <module>()
----> 1 gis.content.get('{{ SOME ITEM ID }}')
~\Miniconda3\envs\arcpython\lib\site-packages\arcgis\gis\__init__.py in get(self, itemid)
2653 return None
2654 else:
-> 2655 raise re
2656
2657 if item is not None:
~\Miniconda3\envs\arcpython\lib\site-packages\arcgis\gis\__init__.py in get(self, itemid)
2648 """
2649 try:
-> 2650 item = self._portal.get_item(itemid)
2651 except RuntimeError as re:
2652 if re.args[0].__contains__("Item does not exist or is inaccessible"):
~\Miniconda3\envs\arcpython\lib\site-packages\arcgis\_impl\portalpy.py in get_item(self, itemid)
1206 ================ ========================================================
1207 """
-> 1208 return self.con.post('content/items/' + itemid, self._postdata())
1209
1210 def get_item_data(self, itemid, try_json=True):
~\Miniconda3\envs\arcpython\lib\site-packages\arcgis\_impl\connection.py in post(self, path, postdata, files, ssl, compress, is_retry, use_ordered_dict, add_token, verify_cert, token, try_json, out_folder, file_name, force_bytes, add_headers)
1154 verify_cert=verify_cert, is_retry=True)
1155
-> 1156 self._handle_json_error(resp_json['error'], errorcode)
1157 return None
1158
~\Miniconda3\envs\arcpython\lib\site-packages\arcgis\_impl\connection.py in _handle_json_error(self, error, errorcode)
1175
1176 errormessage = errormessage + "\n(Error Code: " + str(errorcode) +")"
-> 1177 raise RuntimeError(errormessage)
1178
1179 class _StrictURLopener(request.FancyURLopener):
RuntimeError: You do not have permissions to access this resource or perform this operation.
(Error Code: 403)
I have tested this process under a few different scenarios and not had these permission errors arise:
Has anyone encountered this issue before? Any thoughts on how to troubleshoot?
Ryan,
Any luck authenticating AGOL with ADFS using Python API? Did you end up having plan B?
I am getting this error just accessing the shared_with property of an Item (a hosted feature layer, in this case). It is very strange, because the same code does not have this problem with a different hosted feature layer. This is a property of the item and should not be reaching out to AGOL to access it, so my gut is telling me that this is NOT some AGOL permission error, despite the error output text. (At least in my case, not sure about the original post.)
When I stop the code in debug mode, my debugger says it is unable to get repr (i.e.: string representation) for the shared_with property, its groups list and the 2nd member of that list. The org and everyone bool elements look right. The item is shared with 2 groups (the 1st and 3rd with the names crossed out), but for some reason, there is a 3rd group in the list.
I'm not sure if my problem is the same as yours, but this feels like an Esri bug, not some actual permissions error. I got the same error just trying to print the item.shared_with value.
See attached file for the errors I was able to produce when I stopped my code in debug mode using Eclipse PyDev as my IDE. I poked at the object and was able to produce the error trying to access each of the yellow highlighted elements in my screenshot. Here is the short version:
>>> item
<Item title:"<_redacted_>" type:Feature Layer Collection owner:<_redacted_>>
>>> item.shared_with
Traceback (most recent call last):
File "C:\eclipse\plugins\org.python.pydev.core_7.6.0.202006041357\pysrc\_pydevd_bundle\pydevd_exec2.py", line 3, in Exec
exec(exp, global_vars, local_vars)
File "<console>", line 1, in <module>
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\__init__.py", line 5562, in __repr__
return '<%s title:"%s" owner:%s>' % (type(self).__name__, self.title, self.owner)
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\__init__.py", line 5540, in __getattr__
self._hydrate()
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\__init__.py", line 5533, in _hydrate
groupdict = self._portal.get_group(self.groupid)
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\_impl\_portalpy.py", line 906, in get_group
return self.con.post('community/groups/' + group_id, self._postdata())
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 694, in post
force_bytes=kwargs.pop('force_bytes', False))
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 493, in _handle_response
self._handle_json_error(data['error'], errorcode)
File "C:\Users\username\AppData\Local\ESRI\conda\envs\dev\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 511, in _handle_json_error
raise Exception(errormessage)
Exception: You do not have permissions to access this resource or perform this operation.
(Error Code: 403)
More than 2 years after asking this question and forgetting about it, I happened upon this thread while troubleshooting a similar inability to access non-public items that are either mine or accessible to me via sharing. I'm better at Python now so I was able to hack together a workaround that may be useful for others. Basically, it involves circumventing the ArcGIS Python API and instead using requests to return a JSON response with your data. From there, you can use pandas or, in my case, geopandas, to get the data in a more table-like format.
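import requests
import json
from arcgis.gis import GIS

# Log in through the Python API only to obtain a token
gis = GIS("https://myorg.maps.arcgis.com", client_id='abc123', verify_cert=True)

# Query the layer's REST endpoint directly instead of going through gis.content
layer_url = 'https://services.arcgis.com/myorg/arcgis/rest/services/my_layer/FeatureServer/0/query'
layer_params = {
    "where": "1=1",
    "f": "geojson",
    "outSR": 4326,
    "outFields": "*",
    "token": gis._con.token  # private attribute of the GIS connection object
}
layer_r = requests.get(layer_url, params=layer_params)

# GeoJSON as a string, ready for pandas or geopandas
layer_json = json.dumps(layer_r.json())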
I still don't understand why authenticating with OAuth2 has any bearing on accessing private items through the Python API, but if you're just trying to get at the data in a non-public layer, this may work for you.
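As an added example (not code from any post in this thread or from Esri): a variant of the direct REST query above that sends the token in a POST form body, so it stays out of URLs and access logs, and that checks the JSON body for the `error` object the tracebacks show the API parsing, which `layer_r.json()` alone would pass through unnoticed. The class and function names, the sample URL and the sample payloads are constructed for illustration; 498 and 499 are the REST API's invalid-token and token-required codes.

```python
import urllib.parse
import urllib.request

# Authorization-related error codes; 403 is the one reported in this thread.
AUTH_CODES = {403: "permission denied", 498: "invalid token", 499: "token required"}


class ArcGISRestError(RuntimeError):
    """Raised when the JSON body carries an 'error' object."""

    def __init__(self, code, message):
        super().__init__(f"{message} (Error Code: {code})")
        self.code = code
        self.kind = AUTH_CODES.get(code, "other")


def build_query_request(layer_url, token, where="1=1"):
    """Build a POST whose form body carries the token, keeping it out of the URL."""
    form = {"where": where, "f": "geojson", "outSR": 4326,
            "outFields": "*", "token": token}
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        layer_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def check_response(payload):
    """Return the payload unchanged, or raise if it is an error envelope."""
    error = payload.get("error") if isinstance(payload, dict) else None
    if error is None:
        return payload
    raise ArcGISRestError(error.get("code"), error.get("message", ""))


# Constructed sample values, not taken from a real service.
SAMPLE_URL = ("https://services.arcgis.com/myorg/arcgis/rest/services/"
              "my_layer/FeatureServer/0/query")
SAMPLE_DENIED = {"error": {"code": 403, "message": "You do not have permissions "
                 "to access this resource or perform this operation.", "details": []}}
SAMPLE_OK = {"type": "FeatureCollection", "features": []}

if __name__ == "__main__":
    req = build_query_request(SAMPLE_URL, "EXAMPLE-TOKEN")
    print(req.get_method(), req.full_url)  # the token travels in req.data only
    try:
        check_response(SAMPLE_DENIED)
    except ArcGISRestError as exc:
        print(exc.kind, "-", exc)
```

With `requests`, the equivalent call is `requests.post(layer_url, data=layer_params)` followed by `check_response(layer_r.json())`.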