We are seeing 403 wfm.unauthorized.for.any.team.members error when we attempt to retrieve WFM Team Shrinkage for some of the teams. It works for few and not for all.
{
"message": "You are not authorized for any members of the team",
"code": "wfm.unauthorized.for.any.team.members",
"status": 403,
"contextId": "e442d618-11bd-47f2-8f6d-a17df6fda547",
"details": [],
"errors": []
}
Per API Docs, the OAC must have "wfm:shrinkage:view" Permission and it is already available for for the OAuth Client's Role and Role is applicable for ALL Divisions.
If I need to access data for ALL Teams, how can I do that?
Thanks for reaching out. This appears likely to be a bug in the permission checking logic for the route in question, so I would request that you reach out to Care for assistance as we are unable to debug customer data in the forums.
In your request to Care, please include screenshots of your permission configuration for wfm:shrinkage:view and how you have the divisions assigned.
Actually based on this I think I spotted the issue in the code and was able to reproduce your issue in a test. I will be working to get a fix in. Note that with the holiday season we are on a code release freeze and so the fix will unfortunately be delayed into the early part of next year.
As a temporary workaround I believe you could manually assign each individual division in your org to the role for your oauth client, rather than simply selecting the all divisions checkbox, and that should get you working
Thanks for your analysis and confirming it is bug with Genesys API.
I can understand that fix could take some time. Can you please analyze if we have any workaround for this issue? As some our customers are part of FEDRAMP and typical change cycle for FedRamp is slower than Commercial Orgs.
So top priority would to find any work around which could help us get past the current problem before Genesys fixes the bug.
Run tests with the suggested work around and it still doesn't work. Guess the fundamental issue is elsewhere. Reason being, in my Genesys Org, I have 22 Team across multiple divisions. One division (fc3c4e64-cb11-4b5a-a22a-6ee776387903) has 11 Teams and only 3 of them work and rest give the same 403 error.
I even tried adding admin Role and Master Admin Role to see if I can get past the issue ... but still unsuccessful.
Error with even admin role added
{
"message": "You are not authorized for any members of the team",
"code": "wfm.unauthorized.for.any.team.members",
"status": 403,
"contextId": "b1600c13-88ed-4771-aa38-fe7572cde126",
"details": [],
"errors": []
}
Error with even Master Admin role added
{
"message": "You are not authorized for any members of the team",
"code": "wfm.unauthorized.for.any.team.members",
"status": 403,
"contextId": "5b60078a-2b87-4cc8-af7c-f97c8a7e514f",
"details": [],
"errors": []
}
Team Ids which work with the API
859df653-7ccf-497c-9486-0298e3a9c2e8
05e8014c-f584-44ef-a324-0104bb07a242
8d461c31-2516-4b82-a0f8-59178fa15d5f
833e3b13-a5b9-4ae4-b524-fd2f93f8b99f
2ec4cbee-05f2-48d1-88ff-7e7744feb892
Team Ids which doesn't work with the API
11837f4f-08ab-4f8f-9aa2-ed789d4d1ff3
a70ce057-6b93-4910-ac89-b4a822c0de3c
62e951bd-a93f-4be0-8fc3-00e0aa51a56e
2b46ffb9-e036-42a3-a4d7-9e70d10157fd
0dfddc00-f373-4626-ad99-b82e0344c9d4
8be9ce22-c7a9-42db-b278-3ba690af2c86
9c63607a-117c-496d-a9d9-1d6aa45576eb
f166347f-9cfc-46db-b7c3-cc93cb886bf0
260e7e80-34d8-4b07-a1e8-c238db0b41ec
247e3042-1aa4-452e-9d8a-1491ff208861
95710c67-f07b-4701-9756-c3be9ce8644c
8aa73ad7-229a-4cd2-a519-3592a8cb09d2
ad01a119-ad04-433f-ab9d-fc1d5fb9d976
908e54ad-c475-4129-b90d-38a68ede8a6f
d7b58812-a9e8-4a41-938a-47891669cb85
7bd47cbe-4c1f-4982-a029-222f695a5a38
02753441-2ee8-40a2-baa6-20a12b88b943
I was notified by support that you've filed a care ticket. For privacy reasons, we're unable to debug customer data on the forums, so we'll need to communicate through that process. Thanks!