When making a call to the Okta Management API, the request fails with error code E0000006. This occurs even when the access token includes the correct OAuth 2.0 scopes.
The API response returns the following error message:
You do not have permission to perform the requested action
- Okta Management API
- OAuth 2.0
- Client Credentials Grant
- Service Applications
This error occurs because the entity associated with the access token (either a user or a service application) does not have the required administrator roles assigned to perform the specific action.
While OAuth 2.0 scopes grant the application authorization to interact with the API endpoint, the actor must also possess the specific Role-Based Access Control (RBAC) permissions required to execute the request. For service applications using the Client Credentials grant type, the application itself acts as the administrator and must be assigned the relevant roles directly.
Follow the steps below to assign the necessary permissions to the service application or user.
Service Applications (Client Credentials)
- In the Okta Admin Console, select Applications > Applications.
- Select the service application used to generate the access token.
- Select the Admin roles tab.
- Select Edit assignments.
- Assign the appropriate administrator role (for example, Org Admin, or a specific custom role) that grants permission to perform the desired action.
- Select Save Changes.
Users
- In the Okta Admin Console, select Security > Administrators.
- Select the Admins tab.
- Select Add administrator.
- Select the user in the Select admin field.
- Select the required role and select Save.
