After building the OAuth app with the required scopes (`tickets`) we realised that non-super-admin users need to also have the "Edit Property Settings" set to on from the User & Settings→ Account → Settings Access in order to be able to install the app, otherwise they get the dreaded `Authorization failed because you don't have permissions to authorize the scopes required by the app. Please contact your super admin to get the necessary permissions.`
Here are the tests that worked: - Install OAuth app from superadmin account, works fine.
- Edit non-super-admin user to have Edit Property Settings set to On (as described above) and install the app, that works fine. - Edit non-super-admin user to NOT have the Edit Property Settings On, expected it to get the Auth failed error. That failed as expected
Here are the tests that didn't work: - Give the OAuth app the tickets scope (Alongside the oauth, and a few crm.objects.contacts perms) and give the non-super-admin access to (read, write, delete) tickets (CRM tickets) but NOT have the Edit Property Settings set to On. Expected this to work, but didn't.
Any ideas or secret scopes such as `crm.objects.tickets.read` or `crm.objects.tickets.read` which could be used?
Asking customers to enable Edit Property Settings for all users is pretty iffy.
Hi @davidcoallier👋 Thanks for your question. I agree this is a tough spot. Let's invite some of our community champions to the conversation — @Phil_Vallender@MatthiasWeber@dsmarion, do you have any experience with similar scoping issues?