cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
andersov
Community Member

User not authorized to perform that action

Jump to solution

I am getting an unauthorized error when attempting to view user page views while using a token generated from my admin account.

The error is: "user not authorized to perform that action"

The following API call produces the error:

curl https://<institution>.instructure.com/api/v1/users/:userid/page_views \

-X GET \

-H 'Authorization: Bearer :admin_token'

However, a call to "self" works:

curl https://<institution>.instructure.com/api/v1/users/self/page_views \

-X GET \

-H 'Authorization: Bearer :admin_token'

What are the permissions needed to view other users' page views?

Labels (2)
1 Solution

Accepted Solutions
andersov
Community Member

I solved it. Was using our SIS ID for the user, instead of Canvas' 7-digit ID value. Rookie mistake.

View solution in original post

8 Replies
robotcars
Community Champion

Good question.

What is your current role?

I have admin and root_admin and can hit that endpoint without masquerading. I'm having a hard time seeing what permissions Account Admin role has that give me permission on the API.

My role is as an account admin

andersov
Community Member

I solved it. Was using our SIS ID for the user, instead of Canvas' 7-digit ID value. Rookie mistake.

View solution in original post

James
Community Champion

andersov,

My guess (after ruling out what carroll-ccsd  suggested) is to double check the user ID and make sure it's the correct type and a valid number.

You need to be entering the Canvas user ID and not your SIS user ID (unless you preface it with sis_user_id: as explained on the SIS IDs page.

Also make sure that the users is yours and you didn't transpose some digits. For example, user 8296700 is ours, but if I put 8269700, I get a 401 Unauthorized error because that user belongs to a different account.

James
Community Champion

Glad you figured it out and ignore my response. Your answer wasn't there when I started typing it.

andersov
Community Member

Thanks for the on-the-money answer. Sorry I didn't figure it out sooner and save you the trouble Smiley Wink 

dylanrainbolt
Community Member

I am getting this message when trying to look at missing submissions for students, my code is as follows:

user_nm_and_ids_dictget_user_names_and_ids() ##returns a dictionary containing every student's name and id. 

for name in user_nm_and_ids_dict
    print(name)
    user_idint(user_nm_and_ids_dict[name])
    usercourse.get_user(user_id)
    missing_submissionsuser.get_missing_submissions()
    print(missing_submissions) ##does end up printing out <PaginatedList of type Assignment>
    for missing_submission in missing_submissions:  ##this is where I get my error 
        print(missing_submission)

 

The official error I am receiving in terminal is as follows:

Traceback (most recent call last):
File "c:\Users\dylan\coding\Canvas API Playground\creating_pages_schoolcourseexample.py", line 110, in <module>
for missing_submission in missing_submissions:
File "C:\Users\dylan\AppData\Local\Programs\Python\Python39\lib\site-packages\canvasapi\paginated_list.py", line 48, in __iter__
new_elements = self._grow()
File "C:\Users\dylan\AppData\Local\Programs\Python\Python39\lib\site-packages\canvasapi\paginated_list.py", line 92, in _grow
new_elements = self._get_next_page()
File "C:\Users\dylan\AppData\Local\Programs\Python\Python39\lib\site-packages\canvasapi\paginated_list.py", line 56, in _get_next_page
response = self._requester.request(
File "C:\Users\dylan\AppData\Local\Programs\Python\Python39\lib\site-packages\canvasapi\requester.py", line 243, in request
raise Unauthorized(response.json())
canvasapi.exceptions.Unauthorized: [{'message': 'user not authorized to perform that action'}]

 

themidiman
Community Champion

@dylanrainbolt , this should probably have been in its own question/post since this post was marked as solved. Be as it may, your question needs to be clarified: what user does your API token go with? Is it an admin user or a user with a different role (i.e. Teacher or is it your own account as a student in a course)? Also what API endpoint are you using?