stelapolu | 2024-12-11 13:36:27 UTC | #1
Hi,
We are seeing 403 wfm.unauthorized.for.any.team.members error when we attempt to retrieve WFM Team Shrinkage for some of the teams. It works for few and not for all.
URL: https://api.mypurecloud.com/api/v2/workforcemanagement/teams/62e951bd-a93f-1be0-8fc3-00e0aa51a56a/shrinkage/jobs Method: POST Request Body: { "startDate": "2024-12-11T10:30:00.000Z", "endDate": "2024-12-11T11:00:00.000Z", "timeZone": "UTC" }
Error Response:
{ "message": "You are not authorized for any members of the team", "code": "wfm.unauthorized.for.any.team.members", "status": 403, "contextId": "e442d618-11bd-47f2-8f6d-a17df6fda547", "details": [], "errors": [] }
Per API Docs, the OAC must have "wfm:shrinkage:view" Permission and it is already available for for the OAuth Client's Role and Role is applicable for ALL Divisions.
If I need to access data for ALL Teams, how can I do that?
Any help is appreciated!
brian.trezise | 2024-12-12 15:11:40 UTC | #2
Thanks for reaching out. This appears likely to be a bug in the permission checking logic for the route in question, so I would request that you reach out to Care for assistance as we are unable to debug customer data in the forums.
In your request to Care, please include screenshots of your permission configuration for wfm:shrinkage:view and how you have the divisions assigned.
Thanks!
brian.trezise | 2024-12-12 15:32:15 UTC | #3
stelapolu, post:1, topic:30803
Per API Docs, the OAC must have "wfm:shrinkage:view" Permission and it is already available for for the OAuth Client's Role and Role is applicable for ALL Divisions.
Actually based on this I think I spotted the issue in the code and was able to reproduce your issue in a test. I will be working to get a fix in. Note that with the holiday season we are on a code release freeze and so the fix will unfortunately be delayed into the early part of next year.
As a temporary workaround I believe you could manually assign each individual division in your org to the role for your oauth client, rather than simply selecting the all divisions checkbox, and that should get you working
stelapolu | 2024-12-12 17:03:55 UTC | #4
Hi Brian,
Thanks for your analysis and confirming it is bug with Genesys API.
I can understand that fix could take some time. Can you please analyze if we have any workaround for this issue? As some our customers are part of FEDRAMP and typical change cycle for FedRamp is slower than Commercial Orgs.
So top priority would to find any work around which could help us get past the current problem before Genesys fixes the bug.
brian.trezise | 2024-12-12 17:19:50 UTC | #5
As mentioned in my previous message:
brian.trezise, post:3, topic:30803
As a temporary workaround I believe you could manually assign each individual division in your org to the role for your oauth client, rather than simply selecting the all divisions checkbox, and that should get you working
stelapolu | 2024-12-12 17:21:28 UTC | #6
I already have permissions granted for ALL Divisions (including future divisions) for the Role I have part of my OAuth Client.
brian.trezise | 2024-12-12 17:25:13 UTC | #7
stelapolu, post:6, topic:30803
including future divisions
Yes, that's the problem. The workaround is to NOT use the "including future divisions" checkbox - manually add each division individually.
stelapolu | 2024-12-12 17:41:43 UTC | #8
Sorry I missed that part from your initial note. Will give it a try tomorrow and post an update.
Thanks Brian! Appreciate the quick turnaround!
stelapolu | 2024-12-19 11:39:13 UTC | #9
Hi,
Run tests with the suggested work around and it still doesn't work. Guess the fundamental issue is elsewhere. Reason being, in my Genesys Org, I have 22 Team across multiple divisions. One division (fc3c4e64-cb11-4b5a-a22a-6ee776387903) has 11 Teams and only 3 of them work and rest give the same 403 error.
I even tried adding admin Role and Master Admin Role to see if I can get past the issue ... but still unsuccessful.
Error with even admin role added { "message": "You are not authorized for any members of the team", "code": "wfm.unauthorized.for.any.team.members", "status": 403, "contextId": "b1600c13-88ed-4771-aa38-fe7572cde126", "details": [], "errors": [] }
Error with even Master Admin role added { "message": "You are not authorized for any members of the team", "code": "wfm.unauthorized.for.any.team.members", "status": 403, "contextId": "5b60078a-2b87-4cc8-af7c-f97c8a7e514f", "details": [], "errors": [] }
Team Ids which work with the API 859df653-7ccf-497c-9486-0298e3a9c2e8 05e8014c-f584-44ef-a324-0104bb07a242 8d461c31-2516-4b82-a0f8-59178fa15d5f 833e3b13-a5b9-4ae4-b524-fd2f93f8b99f 2ec4cbee-05f2-48d1-88ff-7e7744feb892
Team Ids which doesn't work with the API 11837f4f-08ab-4f8f-9aa2-ed789d4d1ff3 a70ce057-6b93-4910-ac89-b4a822c0de3c 62e951bd-a93f-4be0-8fc3-00e0aa51a56e 2b46ffb9-e036-42a3-a4d7-9e70d10157fd 0dfddc00-f373-4626-ad99-b82e0344c9d4 8be9ce22-c7a9-42db-b278-3ba690af2c86 9c63607a-117c-496d-a9d9-1d6aa45576eb f166347f-9cfc-46db-b7c3-cc93cb886bf0 260e7e80-34d8-4b07-a1e8-c238db0b41ec 247e3042-1aa4-452e-9d8a-1491ff208861 95710c67-f07b-4701-9756-c3be9ce8644c 8aa73ad7-229a-4cd2-a519-3592a8cb09d2 ad01a119-ad04-433f-ab9d-fc1d5fb9d976 908e54ad-c475-4129-b90d-38a68ede8a6f d7b58812-a9e8-4a41-938a-47891669cb85 7bd47cbe-4c1f-4982-a029-222f695a5a38 02753441-2ee8-40a2-baa6-20a12b88b943
brian.trezise | 2024-12-19 14:02:12 UTC | #10
I was notified by support that you've filed a care ticket. For privacy reasons, we're unable to debug customer data on the forums, so we'll need to communicate through that process. Thanks!
stelapolu | 2024-12-19 14:03:09 UTC | #11
Sure. Will do the same Brian.
system | 2025-01-18 14:03:36 UTC | #12
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 30803