cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

MCAS API token error - "the owner of this token is not permitted to use tokens"

subhajitdey01
Copper Contributor

‎May 13 2021 05:08 AM - edited ‎May 13 2021 06:18 AM

‎May 13 2021 05:08 AM - edited ‎May 13 2021 06:18 AM

MCAS API token error - "the owner of this token is not permitted to use tokens"

Hi All,

 

We trying to use MCAS API to upload Discovery log for one of the data source configured in the tenant. As steps provided in the document, we are trying to initialize file upload using below API call:

 

 

curl -XGET -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/discovery/upload_url/?filename=my_discovery_file.txt&source=GENERIC_CEF"

 

 

 

Even though API token is generated by a Global administrator in Azure AD, still it shows error as: 

{"detail":"Invalid user - the owner of this token is not permitted to use tokens"}

 

Can you please help me debug this issue?

 

regards,

Subhajit

Labels:
2,660 Views
1 Like
2 Replies
Reply
2 Replies
shoando

‎May 13 2021 09:40 PM

‎May 13 2021 09:40 PM

Re: MCAS API token error - "the owner of this token is not permitted to use tokens"

Is the token issued by the tenant administrator, not the guest administrator?
We have confirmed that the token issued by the external administrator of MCAS cannot be used.
1 Like
Reply
best response confirmed by subhajitdey01 (Copper Contributor)
subhajitdey01

‎May 17 2021 01:34 AM

‎May 17 2021 01:34 AM

Solution

Re: MCAS API token error - "the owner of this token is not permitted to use tokens"

Thanks for the information @shoando. We found out that even though a user has full access to MCAS by virtue of Global Admin or Security admin role in Azure AD, the user needs to be explicitly assigned Global admin role from MCAS portal under Manage Admin Access, then only the token can be used for uploading logs.
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by subhajitdey01 (Copper Contributor)
subhajitdey01

‎May 17 2021 01:34 AM

‎May 17 2021 01:34 AM

Solution

Re: MCAS API token error - "the owner of this token is not permitted to use tokens"

Thanks for the information @shoando. We found out that even though a user has full access to MCAS by virtue of Global Admin or Security admin role in Azure AD, the user needs to be explicitly assigned Global admin role from MCAS portal under Manage Admin Access, then only the token can be used for uploading logs.

View solution in original post

1 Like
Reply