Did Miro update the way permissions work? Getting a Insufficient permissions error with out code change

  • 20 January 2023
  • 5 replies
  • 337 views

Badge +1

Had configured our app to create boards from other boards (by copying them), and suddenly it stop working
This is our flow, we call : "https://api.miro.com/v1/oauth/token?grant_type=authorization_code"
Then we call:
url = URI("https://api.miro.com/v2/boards?copy_from=#{template_id}")
And we are getting this error

"Full body {\"type\"=>\"error\", \"code\"=>\"4.0602\", \"context\"=>{\"boardId\"=>\"xxxxx=\"}, \"message\"=>\"Insufficient permissions to perform operation. Please check the permissions or contact support\", \"status\"=>403}"

Permissions have not been changed in months

App has permissions to read / write and original board has view permissions for every one, this error started appearing jus a few weeks ago.


5 replies

Userlevel 6
Badge +4

Hey @Carlos L贸pez,

Thanks for reaching out about this. If you haven鈥檛 made any changes on your end, I agree that it seems strange. Have you tried regenerating the access_token you鈥檙e using by chance?

If you鈥檝e already tried this, can I kindly ask that you open up a request with our Support team and share the full details of the board IDs with them? They should be able to take a closer look at the boards and further investigate why you鈥檙e getting a permissions error.

Thanks!

Badge +1

We haven鈥檛 regenerated the access token, because this works within our team, it鈥檚 user outside our team that are having problems, but that did not happen before.

Already opened a request with support, thank you.

Badge

Hello Carlos,
I was wondering if there have been any updates regarding this issue. Have you been able to identify the root cause? I encountered a similar situation and would greatly appreciate any insights you might have gained.

Thanks in advanced!

Badge +1

Hey, this was definitely something super hard to track.


It ended up being a combination of three things:

  • The security configuration of the Team Profile inside MIRO
  • The sharing settings on a board to be copied
  • The Sharing Policy access on the api call


So those three have to have a specific configuration, to find yours I suggest you play with them, but on our side this was the combination that worked:


On Team Profile under Permissions go to Content Security:


On the board that you want to copy from, make sure that the sharing option is set to anyone with the link can view:

And in your integration code, make sure when you create the board, you set the Sharing Policy access to private:

聽 聽 request.body = "{\"name\":\"new board name\",

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 \"sharingPolicy\":{

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 \"acess\":\"private\",

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 \"teamAccess\":\"edit\"

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 },

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 \"permissionsPolicy\":{

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 \"copyAccessLevel\":\"anyone\"

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 }

聽 聽 聽 聽 聽 聽 聽 聽 聽 }"

Hope this helps, this was a big headache for us.

Badge

Thank you very much for the answer, it looks like everything is working for the client now!

Reply