For the last few days, I was struggling with setting up proper permissions to create a user for external integrations. My findings are as follows:
- Client doesn’t get permissions from the Impersonated user
- I am not sure how to use Permitted, Forced and Forbidden roles, but only by setting up Permitted and Forced I was able to get my needed permissions (If my user is a member of a single group and I need to use permissions configured for the group, should I add it to the Permitted, Forced or both?)
- POSSIBLE BUG: changing the Permitted and Forced roles after the client was created doesn’t affect permissions (even after regenerating secret and generating a new Token)