user.delete() call says I don't have permissions when I very much do...

284
1
02-15-2024 03:50 PM
SFM_TravisBott
Occasional Contributor III

Wondering what gives here...

Basic premise: I can delete users through the GUI just fine, but when attempting to call .delete() through a script I get this:

 

 

 

Exception: You do not have permissions to access this resource or perform this operation.
(Error Code: 403)

 

 

 

 

Slightly longer: I have a script that creates community accounts in our Hub based on information gathered in a feature service through Survey123 and assigns them to groups. I am creating a last script to delete (or disable) those users if they're marked for deletion, since the project is temporary. All other aspects of this process (creating users/inviting users, adding them to and removing them from groups) has worked great. The accounts that I'm testing this on are brand new, never been logged into and don't own any groups or content. I can delete users using the GUI just fine, but somehow the call to delete them via a script seems to fail.

Basic example below:

 

 

 

hubUsername = 'My.Username'
hubUrl = "https://OurHub.maps.arcgis.com"
hubOrg = arcgis.GIS(hubUrl, username= hubUsername)

username = 'Test.Username'
user = hubOrg.users.get(username)

# Storing the result so we can update the master table
deleteResult = user.delete()

# This also fails...
disableResult = hubOrg.users.disable_users([username])

 

 

 

 

All attempts result in the same exception that I do not have permission. However...

 

 

 

me = hubOrg.users.me
me.role

#returns...
'org_admin'

me.privileges

#returns....
['features:user:edit',
 'portal:admin:assignToGroups',
 'portal:admin:createUpdateCapableGroup',
 'portal:admin:deleteUsers',
 'portal:admin:inviteUsers',
 'portal:admin:updateUsers',
 'portal:admin:viewGroups',
 'portal:admin:viewUsers',
 'portal:publisher:publishFeatures',
 'portal:user:addExternalMembersToGroup',
 'portal:user:createGroup',
 'portal:user:createItem',
 'portal:user:invitePartneredCollaborationMembers',
 'portal:user:joinGroup',
 'portal:user:joinNonOrgGroup',
 'portal:user:shareGroupToOrg',
 'portal:user:shareToGroup',
 'portal:user:shareToOrg',
 'portal:user:viewOrgGroups',
 'portal:user:viewOrgUsers',
 'premium:publisher:createNotebooks']

 

 

 

 

Based on the .privileges all, and the fact that I can delete a user through the GUI, I clearly have permission. So....what gives?

 

Edit: I was in a sub Admin role. When I had another admin bump me up to proper Admin I could delete/disable just fine. However...the privileges listed in the code snippet above still say I can delete a user, and I can delete them in the GUI....so what's the difference using the API?

0 Kudos
1 Reply
David_McRitchie
Esri Contributor

Hey Travis,

This is quite unusual and sounds like there might be something defective in assigning permission to a custom role. I would recommend raising a Support case with your Esri Distributor for further investigation.

Many thanks,

David

Esri UK -Technical Support Analyst
0 Kudos