New Required Permission to Modify Reporting Settings


The PATCH method to the /api/v2/analytics/reporting/settings endpoint will require a user to explicitly have analytics > reportingSettings > edit rights to execute a request. Currently, users with view permissions over recording segment, conversation aggregates, conversation details, or dashboard configurations can execute PATCH requests. Once this change is in effect, they will only be able to execute GET requests against this endpoint. The new edit permission will need to be assigned to users who need to execute PATCH requests after the effective date.

Change Category


Change Context

Currently both the GET and PATCH method for this API have the same permission requirements. If a user can read settings from the endpoint, they can also make changes. This presents a potential issue for businesses where users that need to read export settings must also be given permission to make organization wide configuration changes. This change separates these access patterns to allow for permission combinations that support read rights without permission to make changes.

Change Impact

Any call to PATCH /api/v2/analytics/reporting/settings endpoint will be denied if the user lacks proper edit rights. Users that have been able to make changes in the past will be unable to do so until edit rights are assigned.

Date of Change

Feb 28, 2024
The current behavior may present a security risk to some customers; we have shortened our notice window in order to mitigate this risk.

Impacted APIs

PATCH /api/v2/analytics/reporting/settings


Logging deprecated behavior [BI-7813]
New Permission [BI-7812]
Deprecation [BI-7862]
Backfill [AUTHZ-290]

This topic was automatically closed 62 days after the last reply. New replies are no longer allowed.