Support

Expand all | Collapse all

Rest API - permission issue

  • 1.  Rest API - permission issue

    Posted 03-22-2017 08:46
    We observed that even though an user is able to create testplans and testgroups through Jama UI, the same user is not able to create testplans and testgroups through REST APIs.
    Users are able to create testplans and testgroups only if they have at least Manage Project permission for that project. This seems inconsistent.
    Have anyone else encountered this issue? Is this by design or is this a bug?

    ------------------------------
    Vikas
    Bose Corporation
    ------------------------------


  • 2.  RE: Rest API - permission issue

    Posted 03-22-2017 14:04

    Saw the same permissions issue.. did not open a ticket at the time, as we had a special userid to handle api based updates across all projects

     

    Sam

     






  • 3.  RE: Rest API - permission issue

    Posted 03-23-2017 09:30
    Hi Vikas and Sam,

    I did some digging into this, and it looks like it was a known issue back in the SOAP API days, filed as defect SOS-DEF-843. We dropped that bug since we were EOLing that API in favor of REST. Well, we didn't learn our lesson, apparently, because the REST API doesn't respect the correct permissions, either. We have updated SOS-DEF-843 to reflect that it is also a REST issue, and the REST team has it on their backlog.

    So unfortunately, the REST user will require more permissions than a user performing these actions in the GUI.

    ------------------------------
    Kristina King
    Jama Software
    ------------------------------



  • 4.  RE: Rest API - permission issue

    Posted 03-24-2017 06:32
    Thanks you for the update Kristina.
    I am hoping this issue will be fixed soon since this is going to be a roadblock for our test teams who are planing on using Jama REST APIs for test automation.

    ------------------------------
    Vikas
    Bose Corporation
    ------------------------------



  • 5.  RE: Rest API - permission issue

    Posted 03-24-2017 11:33
    I understand, Vikas. Thanks for providing that context...I have made note of it on the bug.

    ------------------------------
    Kristina King
    Jama Software
    ------------------------------



  • 6.  RE: Rest API - permission issue

    Posted 03-27-2017 09:59
    Vikas, I have a follow-up question. Approximately how many users do you have updating test items via REST API? From what we've heard from many customers, it's common to have this done via a shared user, in which case granting Manage Project permissions isn't a big deal. (But I can see why you wouldn't want to grant a dozen individual testers Manage Project permissions.)

    Thanks!

    ------------------------------
    Kristina King
    Jama Software
    ------------------------------



  • 7.  RE: Rest API - permission issue

    Posted 03-31-2017 07:45
    Hi Kristina,

    We have multiple test teams working in Jama. Also we have scenarios where users are granted access to specific projects only. So having a shared user, that too with Manage Project permission, across multiple teams and projects will not work for us.

    ------------------------------
    Vikas
    Bose Corporation
    ------------------------------



  • 8.  RE: Rest API - permission issue

    Posted 07-27-2017 02:23
    ​From what I got out of the discusion, specific user rights are required to execute a put command to a testrun?
    I recieve a "Bad Request" result when I try to execute "PUT" command to update a testrun. The error Message is: "The user with ID xxxxxxx exists but is not valid user for this project"
    So what right have to be granted to the user, which wants to update testruns and other Items. Funny is, I am able to add links to a test run, but not to update the testrun result.

    ------------------------------
    Jan Peter Welsch
    Honeywell Security Fire
    ------------------------------



  • 9.  RE: Rest API - permission issue

    Posted 07-27-2017 12:00
    Hi Jan,

    The bug referenced here (SOS-DEF-843) indicates that any user with Create/Edit permissions do not have sufficient permissions to PUT/POST Test Plans or Test Cycles unless they are a project administrator. Try giving the authenticated user Manage Project permissions, and try the call again. Let us know if updating the user permissions doesn't do the trick. Thanks!

    ------------------------------
    Sara Jensen

    Developer Support Engineer
    Jama Software
    Portland, OR
    ------------------------------



  • 10.  RE: Rest API - permission issue

    Posted 03-22-2018 23:26
    ​How to get the manage project permission, Currently I am the admin for one project, but I also can't use the post api to create test plans which follow the API list from jama

    ------------------------------
    Jim Xu
    ------------------------------



  • 11.  RE: Rest API - permission issue

    Posted 03-27-2018 09:18
    Hi Jim,

    Would you mind

    Permissions can be managed in the Admin area of Jama, when you're logged in as an Administrator:

    Jama User Guide -- Set Permissions

    Would you post the response you are getting back when you try to POST a Test Plan? Which version of Jama are you using?

    Thanks!

    ------------------------------
    Sara Jensen
    Developer Support Engineer
    Jama Software
    Portland OR
    503.922.1058
    ------------------------------