Inventory.Update() 403

What product/components do you use and which version/fix level are you on?

Cumulocity / InventoryAPI / Custom Micro-service 1014.0.213

Is your question related to the free trial, or to a production (customer) instance?


What are you trying to achieve? Please describe it in detail.

Append custom fragment to a Managed object using InventoryApi.update()
Code works when run from a remote connection from IntelliJ but when deployed on the server I get 403
I have ROLE_INVENTORY_ADMIN declared in the cumulocity.json and I checked that there is a permission on the micro-service after deploying.

Do you get any error messages? Please provide a full error message screenshot and log file.

2023-03-09 10:55:36.738  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Response of model pull: 200 OK
2023-03-09 10:55:36.738  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Uploading model to Zementis...
2023-03-09 10:55:37.365  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.mgm.controller.ModelController   : Response of model push: 201 CREATED
2023-03-09 10:55:37.366  INFO 13 --- [http-nio-80-exec-3] i.c.a.m.m.service.ManagedObjectService   : Attaching model metadata to ManagedObject
2023-03-09 10:55:37.779  WARN 13 --- [http-nio-80-exec-3] c.c.m.context.ContextServiceImpl         : execution of task failed within tenant : t71212956 - org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.cumulocity.sdk.client.SDKException: Http status code: 403
{error="security/Forbidden",message="Access is denied",info="",details="null"} 

Have you installed all the latest fixes for the products and systems you are using?


Can you share your code block where you doing this?

Two assumptions:

  1. You’re reading the MO before updating it and need also ROLE_INVENTORY_READ by doing so.
  2. You might not using the service user to update the MO but any other user?

Both can be clarified on the code block when provided.

Hi Stefan, here is the code that creates the update.

public void addMetaToModelMO(ArtifactDto artifactDto) {"Attaching model metadata to ManagedObject");

    InventoryFilter inventoryFilter = new InventoryFilter();
    InventoryFilter filterByText = inventoryFilter.byText("MENI_16");
    ManagedObjectCollection managedObjectsByFilter =
    PagedManagedObjectCollectionRepresentation managedObjectRepresentations = managedObjectsByFilter.get(1);
    List<ManagedObjectRepresentation> managedObjects = managedObjectRepresentations.getManagedObjects();
    ManagedObjectRepresentation onnxModelMo = managedObjects.get(0);

    ManagedObjectRepresentation uploadMo = new ManagedObjectRepresentation();
    uploadMo.setProperty("artifact_meta", artifactDto);
    ManagedObjectRepresentation update = inventoryApi.update(uploadMo);
    if (update != null) {"Meta data successfully attached");
    } else {"Attaching Meta data failed");

I was under the assumption that admin gives me read, write, delete permissions ?
Thanks for quick reply

Yep, that confirms my first assumption was correct.
Please add ROLE_INVENTORY_READ to the manifest to resolve this.

ADMIN just gives write, delete, update permissions. Even its not the perfect design, it is documented here:

1 Like

Thanks Stefan. Of course you are correct, it works. Much appreciated. I checked requirements for upload but I assumed that admin can read. This is my bad.
Have a great day.

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.