Permission to see User in API

Hi team, I'm trying to access the UserData block of the calling user context, by the following Endpoint:

If I use the URL /d2l/api/lp/1.43/users/ as an administrative user, I can see exactly the information I'm after (in this case specifically, I'm trying to retrieve the current user's External Email). However, for a non-administrative user, it always returns 403: Not Authorized.

I've looked into the User Privacy controls, and having switched various flags on and off, nothing seems to change. I'm at a loss as to what else to look for. Any thoughts on what permissions would need to be enabled to see the current user's UserData field?

Thanks,

Connor Deckers

Answers

  • Sreelakshmi.N.546 Posts: 80
    edited June 2023

    Hi Connor,

    Thanks for reaching out to us through the community!

    Can you please check whether the non-administrative user has permission to see the Student role details (User Privacy information)? Also, please check whether the role has the permission 'See the User Management tool' under the Users tool at the Org level.

    Kindly check and confirm.

    Thanks

    Sreelakshmi

  • Connor.D.131 Posts: 7 🌱

    Ah, the See the User Management Tool indeed did allow the API call to run as expected! Is there any way we can allow that at the API level without having the Users tool available through the UI?

    Ultimately, my goal is only to allow the calling user to access their own profile information; it's unnecessary/undesirable for access broader than that. As such, I would like to avoid a system-wide search that would otherwise be disabled.

    Thanks Sreelakshmi!

    Connor

  • Hi Connor,

    The See the User Management Tool permission is indeed one of the major permissions associated with /d2l/api/lp/1.43/users/. Without that, user roles won't be able to access the user data via API call.

    Thanks

    Sreelakshmi