Did Miro update the way permissions work? Getting a Insufficient permissions error with out code change

  • 20 January 2023
  • 5 replies
  • 357 views

Badge +1

Had configured our app to create boards from other boards (by copying them), and suddenly it stop working
This is our flow, we call : "https://api.miro.com/v1/oauth/token?grant_type=authorization_code"
Then we call:
url = URI("https://api.miro.com/v2/boards?copy_from=#{template_id}")
And we are getting this error

"Full body {\"type\"=>\"error\", \"code\"=>\"4.0602\", \"context\"=>{\"boardId\"=>\"xxxxx=\"}, \"message\"=>\"Insufficient permissions to perform operation. Please check the permissions or contact support\", \"status\"=>403}"

Permissions have not been changed in months

App has permissions to read / write and original board has view permissions for every one, this error started appearing jus a few weeks ago.


5 replies

Userlevel 6
Badge +4

Hey @Carlos López,

Thanks for reaching out about this. If you haven’t made any changes on your end, I agree that it seems strange. Have you tried regenerating the access_token you’re using by chance?

If you’ve already tried this, can I kindly ask that you open up a request with our Support team and share the full details of the board IDs with them? They should be able to take a closer look at the boards and further investigate why you’re getting a permissions error.

Thanks!

Badge +1

We haven’t regenerated the access token, because this works within our team, it’s user outside our team that are having problems, but that did not happen before.

Already opened a request with support, thank you.

Badge

 

Hello Carlos,
I was wondering if there have been any updates regarding this issue. Have you been able to identify the root cause? I encountered a similar situation and would greatly appreciate any insights you might have gained.

Thanks in advanced!

Badge +1

Hey, this was definitely something super hard to track.


It ended up being a combination of three things:

  • The security configuration of the Team Profile inside MIRO
  • The sharing settings on a board to be copied
  • The Sharing Policy access on the api call


So those three have to have a specific configuration, to find yours I suggest you play with them, but on our side this was the combination that worked:


On Team Profile under Permissions go to Content Security:
 

 
On the board that you want to copy from, make sure that the sharing option is set to anyone with the link can view:
 

 

And in your integration code, make sure when you create the board, you set the Sharing Policy access to private:

    request.body = "{\"name\":\"new board name\",

                    \"sharingPolicy\":{

                      \"acess\":\"private\",

                      \"teamAccess\":\"edit\"

                    },

                    \"permissionsPolicy\":{

                      \"copyAccessLevel\":\"anyone\"

                    }

                  }"

 

Hope this helps, this was a big headache for us.

Badge

Thank you very much for the answer, it looks like everything is working for the client now!

Reply