Skip to main content

Druva API Error: "User is not authorized to access this resource with an explicit deny" (Error Code 4294971402)

Updated over a week ago

Problem Statement

When attempting to use Druva Platform APIs (e.g., /platform/console/v1/admins) to manage administrators, the API call returns an "User is not authorized to access this resource with an explicit deny" error with errorCode: "4294971402".

Overview

This error indicates that the API key or the associated administrator account lacks the necessary permissions to perform the requested operation. Specifically, the "Access Administrator Management APIs" setting within the Druva Admin Console is disabled for the Druva Administrators, leading to an explicit denial of access for administrator-related API calls.

Cause

The primary cause for this error is the "Access Administrator Management APIs" setting being disabled in the Druva Admin Console for the administrator profile associated with the API key used for the call.

Example of the problematic API query and response:

Query:

Bash
curl --request GET \
     --url 'https://apis.druva.com/platform/console/v1/admins?pageSize=100&pageNumber=1&sortBy=adminName&sortOrder=ASC' \
     --header 'Authorization: Bearer <Your_Auth_Token>' \
     --header 'Content-Type: application/json' \
     --header 'accept: application/json'

(Note: <Your_Auth_Token> replaces the placeholder token from the original query.)

Response:

JSON
{
  "message": "User is not authorized to access this resource with an explicit deny",
  "errorCode": "4294971402"
}

Steps to Resolve

  1. Log in to the Druva Cloud Platform Console as an administrator with sufficient privileges (e.g., Cloud Administrator).

  2. Navigate to Cloud Settings and Enable the API Access:

    • Click the hamburger menu icon in the top-left corner to access the Global Navigation Panel.

    • Select Druva Cloud Settings.

    • Within "Druva Cloud Settings", locate the setting titled "Access Administrator Management APIs".

    • Ensure this setting is enabled .

  3. Save Changes:

    • Click Save to apply the changes.

Refer to the below screenshot:

4. Retest the API Call:

  • Attempt your API client request again. The API call should now succeed.

Note:

  • Always ensure that the administrator account associated with your API key has the minimum necessary permissions for the API operations you intend to perform. Granting only required permissions follows the principle of least privilege.

  • If you are unsure which administrator profile or API key is being used, you may need to consult your Druva administrator or generate a new API key.

Related Articles
Create and Manage API Credentials
How to access DCP APIs using the Postman application
Troubleshoot error 403 Access Denied Error when accessing DCP console
How to use API Credentials with Druva Developers Hub
Druva inSync - FireEye Helix Integration
Did this answer your question?