User17211095772884801180 (Customer) asked a question.
I've created a API Token with Read-Only admin and try to make api call to users roles API.
However, I got 403 permission error in the response.
```
curl -v -H "Authorization: SSWS $ssws" "https://$domain/api/v1/users/$user_id/roles" | jq .
{
"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "oaeOg8fCKOwShOwb0DsYTa8Xg",
"errorCauses": []
}
```
The user_id is the Read-Only Admin user himself.
I was wondering why this behavior changed. Based on the https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm*User , Read-Only Admin can access Users API.
Please help check this. thanks.
Hello @User17211095772884801180 (Customer) Thank you for posting on our Community page!
This is expected behaviour, as Read-Only Admins can view users, but they can not check admin roles for other users.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Hi Paul,
Thanks for your response.
Actually the user_id is the SSWS token owner here in my sample.
Does that mean as a Read-Only Admin, it's unable to get its roles via users API as well ?
thanks.