Affects Version/s: 6.1.X EE, 6.2.X EE, 7.0.X, 7.1.X, Master
Component/s: Web Services > JSON WS
We're running into this exception (403 Forbidden) when trying to invoke get-company-users and then get-contact for each returned user.
We figured that omniuser doesn't have permission to VIEW default user.
We confirmed with these steps:
1. Spin up a fresh DXP instance
2. Log in with omniadmin user firstname.lastname@example.org
3. Through /api/jsonws, invoke get-companies to get companyId
4. Invoke get-company-users with companyId from result above (20115) (start -1, end -1)
5. Invoke get-user-by-id with the Id of the default user from result #4 (20119)
6. Invoke get-contact with the contactId of the default user from result #4 (20120)
Omniadmin user should be able to "VIEW" default user using get-user-by-id and get-contact, since it was able to "VIEW" default user using get-company-users