Inventory.Update() 403

,
1

What product/components do you use and which version/fix level are you on?

Cumulocity / InventoryAPI / Custom Micro-service 1014.0.213

Is your question related to the free trial, or to a production (customer) instance?

Production

What are you trying to achieve? Please describe it in detail.

Append custom fragment to a Managed object using InventoryApi.update()
Code works when run from a remote connection from IntelliJ but when deployed on the server I get 403
I have ROLE_INVENTORY_ADMIN declared in the cumulocity.json and I checked that there is a permission on the micro-service after deploying.

Do you get any error messages? Please provide a full error message screenshot and log file.

2023-03-09 10:55:36.738  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Response of model pull: 200 OK
2023-03-09 10:55:36.738  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Uploading model to Zementis...
2023-03-09 10:55:37.365  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Response of model push: 201 CREATED
2023-03-09 10:55:37.366  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.m.service.ManagedObjectService   : Attaching model metadata to ManagedObject
2023-03-09 10:55:37.779  WARN 13 --- [http-nio-80-exec-3] c.c.m.context.ContextServiceImpl         : execution of task failed within tenant : t71212956 - org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.cumulocity.sdk.client.SDKException: Http status code: 403
{error="security/Forbidden",message="Access is denied",info="https://www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting",details="null"}

Have you installed all the latest fixes for the products and systems you are using?

N/A

2

Can you share your code block where you doing this?

Two assumptions:

  1. You’re reading the MO before updating it and need also ROLE_INVENTORY_READ by doing so.
  2. You might not using the service user to update the MO but any other user?

Both can be clarified on the code block when provided.

3

Hi Stefan, here is the code that creates the update.

public void addMetaToModelMO(ArtifactDto artifactDto) {
    log.info("Attaching model metadata to ManagedObject");

    InventoryFilter inventoryFilter = new InventoryFilter();
    InventoryFilter filterByText = inventoryFilter.byText("MENI_16");
    ManagedObjectCollection managedObjectsByFilter =
        inventoryApi.getManagedObjectsByFilter(filterByText);
    PagedManagedObjectCollectionRepresentation managedObjectRepresentations = managedObjectsByFilter.get(1);
    List<ManagedObjectRepresentation> managedObjects = managedObjectRepresentations.getManagedObjects();
    ManagedObjectRepresentation onnxModelMo = managedObjects.get(0);

    ManagedObjectRepresentation uploadMo = new ManagedObjectRepresentation();
    uploadMo.setId(onnxModelMo.getId());
    uploadMo.setProperty("artifact_meta", artifactDto);
    ManagedObjectRepresentation update = inventoryApi.update(uploadMo);
    if (update != null) {
      log.info("Meta data successfully attached");
    } else {
      log.info("Attaching Meta data failed");
    }
  }

I was under the assumption that admin gives me read, write, delete permissions ?
Thanks for quick reply

4

Yep, that confirms my first assumption was correct.
Please add ROLE_INVENTORY_READ to the manifest to resolve this.

ADMIN just gives write, delete, update permissions. Even its not the perfect design, it is documented here:
https://cumulocity.com/api/core/10.15.0/#operation/getInventoryApiResource

1 Like
5

Thanks Stefan. Of course you are correct, it works. Much appreciated. I checked requirements for upload but I assumed that admin can read. This is my bad.
Have a great day.

1 Like
6

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.