BOX connector logs error 403 "access_denied_insufficient

Title

BOX connector logs error 403 "access_denied_insufficient_permissions"

Issue

When attempting to use the BOX connector you get the following error:

{"type":"error","status":403,"code":"access_denied_insufficient_permissions","help_url":"http://developers.box.com//docs//#errors","message":"Access denied - insufficient permission","request_id":"xxx"} - HttpError Status code 403 Forbidden

Environment

Box Platform - API Calls to Box via SIM

Steps to reproduce

Refer to documentation topic Configure Box connector.

Solution

Check that the user has permission to do the task. The easiest way to check is to see whether the same action can be done via the Web App.

For example:

If attempting to use the "As-User" header with another user, check if you can use the "Log in as this user" option via the administrator console. In this example, common situations are users not having co-admin permissions, co-admins trying to as-user as another co-admin, or co-admins trying to as-user as the primary admin.
If attempting to use an advanced feature like Legal Holds, the enterprise must have access to the feature.
You cannot add a collaborator to your root folder.
Note: Co-admins do not have the permission to manage other co-admin accounts.

Check that the application has permission to do the task by looking at the scopes enabled for the application. There are potentially two places to check:

For Standard and Server Authentication: The Configuration page for the app on the Developer Console.
For Server Authentication Only: The App's Authorization in the enterprise via Admin Console -> Business/Enterprise settings -> Apps -> Custom Application -> View App Authorization.
When admins authorize a Server Auth app in the admin console, the authorization for the app is the set of scopes the app has at the time that it was authorized. If the scopes change after the app was originally authorized, the app must be reauthorized for the changes to take effect in the enterprise (admin has to effectively "approve" changes in the app's scopes).

For example:

If making a call to the /users endpoint, "manage users" must be enabled.

More information about this error here.

See Also

Cause

User does not have permission to perform the requested action.

Was this helpful?

Support Hub

Product

Snow Integration Manager

Solution Area

Box Connector

Deployment type

Cloud;On-premises;Service Provider Edition (SPE)

Visibility

Guest

URL Name

BOX-Connector-Error-403-access-denied

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

Related Articles

Please wait...

Case id: 00001065