Loading

Error 'Insufficient Privileges' when administrators login from the user interface

Publiseringsdato: Oct 13, 2022
Beskrivelse

System Administrators may receive a generic 'Insufficient Privileges' error after standard login via the user interface (UI) if their assigned profile or permission set(s) have the 'API Only User' permission enabled. 


This can occur if the 'API Only User' permission is enabled via:
 

A) The affected user's profiles and/or

B) Permission set(s) assigned to the user.

Løsning

To resolve this, the 'API Only User' permission must be removed from the affected user's assigned profile and/or permission set(s).

 
First check to see if there may be another user available in your org with the 'Manage User' permission. If so, that user may navigate to the affected admin user record to identify and review their assigned profile and permission sets to remove or disable any occurrences of the 'API Only User' permission.
 

If no users are available in your org with the necessary permissions to edit profiles or permission sets it's possible to disable the permission:


A) For profiles using the API and client tool such as Data Loader:


1. Log in to Data Loader. See Install Data Loader for more details.

Note: You may sign up for a Developer Edition org to download and install Data Loader if you're unable to access or download it from setup in the affected environment.

2. Export the Profile object

3. Locate your assigned profile's row in the export and change the value for the 'PERMISSIONSAPIUSERONLY' column from 'True' to 'False' and save your file.

4. Perform an update to the Profile object using your updated file to update the profile permission.

See alsoInsert, Update, or Delete Data Using Data Loader


B) For Permission Sets using Workbench:

Note: Using Workbench is recommended here because the tool allows you to perform row level updates directly from query results in the User Interface. This simplifies the process by not requiring you to export and manipulate CSV files. The Data Loader can also still be used to accomplish the same updates.


1. Log in to the Workbench

2. Locate the permission set(s) that currently have PermissionsApiUserOnly = TRUE by selecting, Jump to: SOQL Query | Object: PermissionSet and click Select. Paste the following query into the "Enter or modify a SOQL query below:" field and then click Query:

SELECT Id, Label, PermissionsApiUserOnly FROM PermissionSet WHERE PermissionsApiUserOnly = TRUE

3. Move your mouse cursor over the affected permission set's Id in the query result list and select the Update option in the corresponding 'Choose an action:' hover menu.

Note: If you are unsure which permission set is assigned to the affected user(s):

A) Use the query in Step 2 but select View as: List and click Query to generate a list of the permission sets. Copy and paste the list into Excel for use later on.

B) Then paste the following Query into the 'Enter or modify a SOQL query below:' field to generate a list of User Ids and Names:

SELECT Id, Name FROM User

C) Locate an affected User's Id in the query results and copy it down. Replace <UserIdHere> with the affected User's Id in the following query to generate a list of permission sets assigned to that user.

SELECT PermissionSetId FROM PermissionSetAssignment WHERE AssigneeId = '<UserIdHere>'

D) Cross reference the permission set Ids listed in your Excel file from step A) with those listed in the query results from step C) to identify which permission set Id exists in both locations. Once the PermissionSet Id has been identified follow Step 3.

4. On the corresponding Update page locate the field, 'PermissionsApiUserOnly' and change the value from true to false. Scroll to the bottom of the page and click the 'Confirm Update' button.
 
If done correctly, this should remove the 'API Only User' permission from the Permission Set assigned to the user, and they should now be able to login to the normal UI.

Note: If there are multiple Permission Sets that have 'API Only User' set to 'true', the steps above will have to be repeated for each unique Permission Set's Id.
 

 

 

 

Knowledge-artikkelnummer

000384703

 
Laster
Salesforce Help | Article