Catalog Item for 3rd Party Application - Can't attach excel file

ChrisWing · ‎12-18-2024

We have an application called SecurEnds that we have created a local service account. I have flagged web services on the account. I then built a basic catalog with no variables that has an attached flow that basically creates a single task, sends an email in parallel and that's it. When the 3rd party system attempts to create a Request, it works but fails with the attachment getting a 403 forbidden. I have tried attaching different licenses to it and once I got as high as a ITIL license it started to work. We would prefer not to tie up a ITIL license so now I am trying to figure out how to adjust the sys_attachment table to allow this account to write to it. More basic to that though how come a "User" of the system can open a catalog item and attach a file but this service account even with the "user" role cannot? Is it because of the Web Services flag?

Appreciate any insight offered.

JenniferRah · ‎12-18-2024

A user without a role should be able to attach a file to a catalog item and submit it. Is the attachment coming from the user and being submitted on the regular form, or is it being created some other way? You may need to check and see if you have made changes to the ACLs on the sys_attachment table that might be preventing it from adding the attachment.

Final question: is your Flow running as the Admin account or the current user? Maybe try switching it to Admin if it's not running that way?

ChrisWing · ‎01-14-2025

Hey Jennifer,

Missed your response, so the remote application is basically executing the flow via API using the service account I created. It appears the role assigned to service account is driving it's permission, but must be a higher level than a typical "user" would the fact it is being done via an API call have a different set of securities we would need to look at in the ACLs for?

JenniferRah · ‎01-14-2025

If it's running an API, you need to check your REST API Access Policies. You may have it restricted somehow in your environment.

I'm not sure I understand that you said the API is calling a Flow but earlier you said it is submitting a catalog item that executes the Flow. If it's the latter, maybe try changing the Flow to run as the System Admin to see if it's a rights issue.

ChrisWing · ‎01-15-2025

Hey Jennifer, thanks for the attempted assist, I went back to the 3rd party, and they weren't willing to share the code so I could provide a bit more information. At this point I will assume an ITIL license is required (they seem to confirm this but not sure if it is from their ignorance) or will need to generate a ticket through an inbound mail action.