Unable to delete user from UiPath via API call, using admin authentication

I am developing a process with Studio to check if any accounts of users recently terminated from the company are still present and active in the UiPath Cloud system. If one is found, the process deletes the user using an API call.
I will share data from Postman, since base principles are the same and same error occurs in Studio.

First, I am doing an authentication API call to get access token for following http requests.

Using access token from authorization and performing GET API call (http request in Studio) I am able to get user list. I even tried and succeeded in removing user from a group and deleting user from Orchestrator, but when I try to delete user from UiPath cloud, I get error 401 Unauthorized with body message: “You are not authorized to delete users from partition with id c5f…-…-…-…”.

For all http requests (successful and not) I am using “OAuth 2.0” Type authorization with inputted access token.
I should be able to delete users since I am using Admin client ID and client secret to get access through authentication and this Admin can manage users (add, delete etc.) directly in UiPath, so I’m a little lost as to where the problem is. Maybe wrong scope?

Appreciate any advice.

Hey @Ugnius_Rinkunas

Kindly make sure you have this assigned -
[image]

Thanks
#nK

I have OR.Users along with PM.Group and PM.User declared in my scope, as you can see in the first screenshot. I also tried doing http request with various other scopes, but the outcome is the same. Do I need to also declare permissions in my authentication request? If so, can you explain how?

Thank you,
Ugnius

Please try to give the same set of permission as mentioned in the above screenshot and try…

I can’t find any documentation on how to declare permissions in the http request. Can you be more specific on how I can assign them?

Hey @Ugnius_Rinkunas

I have already posted a screenshot above.

You can also please refer to your API Swagger documentation.

Hope that helps.

Thanks
#nK

Hi,

I have the same error when I try to create Groups Or Users in identity by API with an external application.

I had declared an external app with this scope:
PM.Audit PM.Group PM.MessageTemplate PM.RobotAccount PM.Setting PM.User PM.UserLoginAttempt

I can execute Get or PUT requests. But when I try to execute POST request like:

{"id":"GUID","partitionGlobalId":"PARTITIONID","name":"FD9_GRP_ADMIN_PRODUCT","directoryUserIDsToAdd":}

With Headers:

  • Content-Type : application/json
  • Authorization : Bearer TOKEN

I have a 401 return code with : You are not authorized to access the partition with id PARTITIONID

When I try the same Post request with a token generated by my account (OnPremURL/api/account/authenticate): the group is created.

Does POST method work in your env with Application Scope permissions ?


Yes it should work.

Did you declare a scope with only PM.Group and PM.User or did you declare PM.Group with PM.Group.Read and PM.Group.Write?

I’m using a different endpoint btw.

Could you please tell me your endpoint which you are trying to use ?

To create User Or Group in the identity portal I use :

$OtrchestratorUrl/identity/api/Group/

I found documentation in :

  • $OtrchestratorUrl/identity/swagger/index.html
  • Group

Oh okay @Florent.Coulon

Now getting a bit more of clarity, so you are using the identity API.

Yes like Ugnius_Rinkunas.

I use PM Scope for PlatformManagement as described in the documentation:

/identity/api/Group

Requires the following scopes:

  • PM.Group
  • PM.Group.Write

Okay I hope you added the above two scopes and what are you actually trying to do here ?

I want to create local group with API as described here: Group

We have a technical baseline which stores all groups / users by tenants and we want to automate the creation / deletion and update from it.

As I described before, I use POST at endpoint: /api/Group with body:
{"id":"GUID","partitionGlobalId":"PARTITIONID","name":"FD9_GRP_ADMIN_PRODUCT","directoryUserIDsToAdd":}

But the API returns: 401 : "You are not authorized to access the partition with id … "

Hey @Florent.Coulon

So how did you perform Authentication for this ?

Thanks
#nK

I opened a case and technical support reproduced the same error on OnPrem 21.10 version but not in OnPrem 22.4:

We have replicated the same from our-end and with an external application having scope getting an error with “You are not authorized to access the partition with id ------” and the same we are able to do with the basic authentication and able to create the group in 2021.10 Orchestrator.

The same API is with External Application is working with 22.4 On-Prem Orchestrator if possible please try to upgrade 22.4 On-Prem Orchestrator and check the behavior.

My problem is not the same as Ugnius Rinkunas, and if I want to resolve it, I have to migrate to 22.4

Oh okay please keep us posted!