Description:
Users may receive an "Access denied" error when trying to access an SSC application, even though they belong to a SCIM-provisioned group with the correct permissions.
This is the error:
Access denied due to one of the following reasons:
1). The requested resource does not exist.
2). The user does not have access to the requested resource.
3). One of the following permissions is required: Generate reports, View application versions
Solution:
This happens when the user was manually created or existed before SCIM was enabled. SCIM cannot apply group permissions to non-SCIM-managed users.
To fix:
The customer must delete the user in SSC, then allow SCIM to recreate the user automatically during the next sync. Once recreated, the user will be SCIM-managed, and group permissions will apply as expected and the error should be disappeared.
Note:
Always ensure users show the “externally managed” tag in SSC to confirm SCIM provisioning.
This tag confirms that the user account has been provisioned via SCIM and is managed externally (e.g., through an identity provider). or ask the customer if either the application was created after turned SCIM or the group.
Changes made before SCIM activation may not sync automatically and could require manual intervention or reconfiguration.