
User Management REST API is not working on some Organizations

      Issue Summary

      The User Management REST API is not working on some Orgs. 

      Steps to Reproduce

      1. Generate an admin API key following these steps, on an Org where you are an admin.
      2. Try to call any of the endpoints listed in the User Management REST API.

      Expected Results

      The user should be able to use the API as expected.

      Actual Results

      The API returns the error below:

      {"key":"forbidden.insufficientScope","context":{"message":"Insufficient scope for this action","acceptableScopes":
      ["manage:org","manage:me:DUMMYSCOPE"]},
      "errorKey":"forbidden.insufficient-scope","errorDetail":{"message":"Insufficient scope for this action","acceptableScopes":
      ["manage:org","manage:me:DUMMYSCOPE"]}}

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.
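
Added example, not part of the original issue and not Atlassian code: a small triage helper that separates the two error bodies quoted on this page (the insufficient-scope body above and the `{"code":401,...}` body from a later comment) and stops a bulk run at the first credential-level failure instead of repeating it for every user. `classify_error`, `run_batch` and the `call` callback are hypothetical names; the sample bodies are copied from the page, with the missing colon in the second `acceptableScopes` restored.

```python
import json

# Error bodies quoted on this page, reproduced as constructed sample input.
SCOPE_ERROR = (
    '{"key":"forbidden.insufficientScope","context":{"message":"Insufficient scope '
    'for this action","acceptableScopes":["manage:org","manage:me:DUMMYSCOPE"]},'
    '"errorKey":"forbidden.insufficient-scope","errorDetail":{"message":"Insufficient '
    'scope for this action","acceptableScopes":["manage:org","manage:me:DUMMYSCOPE"]}}'
)
UNAUTHORIZED = '{"code":401,"message":"Unauthorized"}'

SCOPE_KEYS = ("forbidden.insufficientScope", "forbidden.insufficient-scope")


def classify_error(body):
    """Classify an error body (hypothetical helper, not an Atlassian API)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None
    if not isinstance(doc, dict):
        return {"kind": "unparseable", "scopes": [], "credential_fault": False}
    if doc.get("key") in SCOPE_KEYS or doc.get("errorKey") in SCOPE_KEYS:
        # The key was accepted but carries none of the scopes the endpoint allows.
        detail = doc.get("errorDetail") or doc.get("context")
        scopes = detail.get("acceptableScopes") if isinstance(detail, dict) else None
        scopes = scopes if isinstance(scopes, list) else []
        return {"kind": "insufficient_scope", "scopes": scopes, "credential_fault": True}
    if doc.get("code") == 401:
        # The credential itself was rejected for this endpoint.
        return {"kind": "unauthorized", "scopes": [], "credential_fault": True}
    return {"kind": "other", "scopes": [], "credential_fault": False}


def run_batch(user_ids, call):
    """call(user_id) returns None on success or an error body (assumed contract).
    Stops at the first credential-level failure and reports what was skipped."""
    done = []
    for i, uid in enumerate(user_ids):
        body = call(uid)
        if body is None:
            done.append(uid)
            continue
        verdict = classify_error(body)
        if verdict["credential_fault"]:
            skipped = len(user_ids) - i - 1
            return {"done": done, "stopped_at": uid, "skipped": skipped, "verdict": verdict}
    return {"done": done, "stopped_at": None, "skipped": 0, "verdict": None}
```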


            [ACCESS-987] User Management REST API is not working on some Organizations

            Vitor A (Inactive) added a comment -

            Hi everyone, Happy Friday!

            We were also able to fix the API keys that were affected by this bug, and therefore I'm closing it.
            In case you are still facing any issues using the API as expected, please don't hesitate to reach out to us at https://support.atlassian.com/contact.

            Kind regards and have a great weekend!
            Stay safe.
            Vitor Á.
            Atlassian Cloud Support

            Build a cloud app with forge: https://www.atlassian.com/forge

            Vitor A (Inactive) added a comment -

            alexander.kolodziej671272250,

            No worries! I'm glad that you were able to identify the reason and fix the issue. Count on us if you need any help.

            Alexander Kolodziej added a comment -

            Vitor, in the end it was a tyop on my part, sorry about that! Everything works fine now

            Vitor A (Inactive) added a comment -

            Hi alexander.kolodziej671272250,

            Support tickets are restricted and only the reporter, participants and Support would have access to them.

            Alexander Kolodziej added a comment -

            Hi Vitor!

            Will do! Those tickets are not public, right?

            wbr / Alex

            Vitor A (Inactive) added a comment -

            Hi alexander.kolodziej671272250,

            Thanks for sharing! I just tested on my side, and I'm able to use the APIs you have shared, creating a new API key. In case you are still unable to use them, would you mind raising a ticket with us at https://support.atlassian.com/contact?

            That way we can take a closer look at what may be happening.

            Kind regards,
            Stay safe!
            Vitor Á.
            Atlassian Cloud Support

            Alexander Kolodziej added a comment - same with getting their profile according to  https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-profile-get

            Alexander Kolodziej added a comment - - edited

            arghh, spoke too soon.

            disabling users works, but fetching their api keys fails

            https://api.atlassian.com/users/$user_id/manage/api-tokens  -->  {"code":401,"message":"Unauthorized"}


            Alexander Kolodziej added a comment -

            nice, works fine!

            Ivan Shtanichev added a comment -

            Bulk deactivation is now working for us too. After generating a new API token I was able to bulk deactivate multiple users via the API. Thanks for resolving this issue!

            Jason Bain added a comment -

            We were able to run our bulk deactivation using a new API key. Looks like we can now use the endpoint in accordance with the documentation.

            Vitor A (Inactive) added a comment -

            Hi team, I hope you are all doing great!

            We were able to identify the reason for this behavior, which was related to the scopes attributed to API keys that were recently generated. We were able to fix this limitation, which means that new API keys shouldn't behave this way anymore. That being said, please generate a new API key and try to perform the action once more. You should be able to use the API as expected.

            We are still assessing the possibility to apply the fix on the affected API keys as well (that were recently generated). We'll keep you posted.

            In case you generate a new API key and are still facing the error message, please let us know.

            Wish you all the best!
            Vitor Á.
            Atlassian Cloud Support

            Jason Bain added a comment -

            According to Atlassian Cloud Bug Fix Policy this issue should be at least a Priority 2 - High because in order to be a Priority 3 - Medium there must be "a workaround available" and "job function is not impaired". In this case there is no workaround and the job function for customers that rely on the API for user management is impaired.

            Please escalate this issue to a Priority 2 - High due to the fact that for the affected customers like our organization the "feature is unavailable" and our "users job functions are impaired."

             


            Jason Bain added a comment -

            This is affecting our organization as well.   When we submit a request to the user management endpoint with a valid API key we get the error above.  We have a high priority requirement to bulk deactivate 443 users in order to clean up our user base and enable SSO thereafter.  This issue is blocking our progress.  

            We began to see the issue on December 28th.  

            Please escalate this failure. The API downtime is disrupting our ability to use the Services in accordance with the applicable Documentation.  


            Joe Jadamec added a comment -

            I can paginate thru all users, but I cannot deactivate any thru the API

            Tobias Flueter added a comment -

            same here, I can list all users with the org api but can't update the email addresses of the user. fix would be much appreciated.

            Adithya S Menon added a comment -

            We are also very much impacted by this issue. Managing just 500+ users itself has proven hectic for us and I just can't imagine how orgs with 5k + users are being managed without any automation.
            I am able to use the Organization management API to list the users in my org and so on but not able to use any of the User Management APIs. It would be great if the concerned team could update on this or even maybe change the priority to High improving visibility of this bug.

            Ivan Shtanichev added a comment -

            Our org is also impacted by this bug. We have a priority requirement to bulk deactivate 522 users, which I planned to do via the User Management REST API, but now cannot due to this bug. Inability to bulk deactivate users impacts security and may impact our Atlassian Access subscription/bill if not resolved soon. I should also add that User Management REST API was working fine on August 24, 2020 and has regressed between then and now, I myself did not see this issue until yesterday, but the last time I saw it working correctly was August 24, 2020, in case that helps in any way.
