Overview:
When attempting to disable Users with the [https://{{vaultDNS}}/api/{{version}}/objects/users] endpoint, Users initiating the API call receive an "[editUser] permission is required" error:
"type": "INSUFFICIENT_ACCESS",
"message": "Cannot update user [XXXXXX] due to insufficient privileges : [editUser] permission is required"
Root Cause:
The [https://{{vaultDNS}}/api/{{version}}/objects/users] endpoint does not allow disabling Users (i.e., updating the Status of the Records). This is working as designed.
Solution:
Please use one of the endpoints below, depending on your use case:
- To perform the changes in bulk, use the Bulk Object Record User Action on user__sys: call change_state_to_inactive_useraction__sys for a single or multiple Users, or
- Use the Single Disable User endpoint
Related Documentation:
Vault Developer Portal: