If a Group Administrator attempts to add or remove users from a group using the Okta Groups API, a failure may be returned with the following message:
You do not have permission to perform the requested action.
This may occur even when the Group Administrator has purview over the group.
This article describes the root cause and provides a temporary solution when this occurs.
- Okta Groups API
- Group Administrators
- Administrative Roles and Permissions
If a Group Admin encounters the message, You do not have permission to perform the requested action while attempting to manage the group using the Okta Groups API. The group in question has one or more administrative roles assigned to it.
This can be verified by using the Okta Admin Dashboard. Navigate to Admin > Directory > Groups > [Group] and look for a message with the info icon .
Because this group has administrative roles assigned to it, a Group Admin cannot manage it. Only a Super Administrator may manage groups that are assigned Admin roles.
Based on Group administrators documentation, this is an expected behavior.
If a Group Admin must be able to manage a group with Admin roles assigned, there are two choices:
- Temporarily or permanently promote the Group Admin to a Super Administrator.
- Temporarily or permanently remove the Admin role from the Group.
Related References
