
Android Management API: Failed to patch policy - Caller is not authorized to manage enterprise

I have been working with the Android Management API to try and manage the policy of my company's existing enterprise. My company account has the Owner role within the organization and the roles Owner and Service Account Admin for the service account mentioned later.

I followed the Quickstart Guide to get familiar with the API and made some modifications for a more permanent solution along the way, such as creating a service account with the Android Management User role via the Google Cloud Platform and generating a JSON key to acquire credentials rather than going through the OAuth2 flow like in the guide. This allowed me to authenticate properly, but when it comes time to patch the policy as such,

androidmanagement.enterprises().policies().patch(
    name=policy_name,
    body=policy_json
).execute()

I get the following error:

<HttpError 403 when requesting https://androidmanagement.googleapis.com/v1/enterprises/XXXXXXXXX/policies/<policy_name>?alt=json returned "Caller is not authorized to manage enterprise.". Details: "Caller is not authorized to manage enterprise.">

I have verified that the service account I am authenticating with has the Android Management User role, and thus has the androidmanagement.enterprises.manage permission.

I have also attempted to make this call with an elevated admin role in the organization.

Is there a chance that I need to have created the enterprise with my own account to manage the enterprise? The guide suggests that an organization can create multiple enterprises. In which case, would I need to create a new Google account not associated with my organization's enterprise and create a new enterprise that way?

It is advisable to use your own Google account to call Android Management API since your organization account may not be compatible with the quickstart.

To access the Android Management API your service account requires the androidmanagement.enterprises.manage permission, which can be granted by the Android Management User role (or roles/androidmanagement.user). Kindly check this link for details regarding creating a service account.

Please keep in mind that the enterprise you created as part of the colab instructions can only be managed using the colab itself. To allow your cloud project to manage an organization, you will need to create one using the client configuration from your cloud project.
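
The check implied by the answer above, as an added example that is not part of the original question or answer: it lists the enterprises bound to the service account's Cloud project with `enterprises.list` and reports whether the target enterprise is among them. The function names, key path and enterprise name are assumptions or placeholders.

```python
import json

SCOPE = "https://www.googleapis.com/auth/androidmanagement"


def project_id_from_key(key_path):
    """Return the Cloud project ID recorded in a service account JSON key."""
    with open(key_path) as fh:
        return json.load(fh)["project_id"]


def enterprises_for_project(service, project_id):
    """Return the names of all enterprises bound to project_id, following paging."""
    names, token = [], None
    while True:
        params = {"projectId": project_id}
        if token:
            params["pageToken"] = token
        resp = service.enterprises().list(**params).execute()
        names.extend(e["name"] for e in resp.get("enterprises", []))
        token = resp.get("nextPageToken")
        if not token:
            return names


def diagnose(service, project_id, enterprise_name):
    """Say whether enterprise_name is bound to the project the caller belongs to."""
    if enterprise_name in enterprises_for_project(service, project_id):
        return "bound: the project manages this enterprise, so review the caller's IAM role"
    return ("not bound: the enterprise was created under another project, "
            "so this project's service account cannot patch its policies")


if __name__ == "__main__":
    # Requires google-auth and google-api-python-client; both values are placeholders.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build

    key_path = "service-account-key.json"   # placeholder path
    enterprise = "enterprises/XXXXXXXXX"     # placeholder, as redacted on the page
    creds = service_account.Credentials.from_service_account_file(key_path, scopes=[SCOPE])
    service = build("androidmanagement", "v1", credentials=creds)
    print(diagnose(service, project_id_from_key(key_path), enterprise))
```

Running this before `policies().patch()` separates a project binding problem from a missing IAM role, which the 403 message alone does not distinguish.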
