Hi,
see Stefans Response to your previous thread here:
The bootstrapuser is just for retrieving the service user for each tenant. I think I made this clear now multiple times. You should not use that in any other API Call of your microservice (even when it is working). The service user permissions are defined in your manifest file.