Contact Import Utility

[Ilyaas]

Hi, 

Seem to be struggling with hornbill contact import utility

Followed all the relevant instructions but seem to be coming across a keysafe related error. the below is what is in the relevant wiki link. has anyone experienced similar issues. i assume either the below or the config file may need tweaking, just not sure what im missing.  

Link: https://wiki.hornbill.com/index.php?title=SQL_Contact_Import

API Key Rules

• admin:keysafeGetKey
• admin:portalSetContactAccess
• data:entityAddRecord
• data:entityBrowseRecords2
• data:entityUpdateRecord
• system:logMessage
• apps/com.hornbill.core/Contact:changeOrg
• apps/com.hornbill.servicemanager/ContactOrgRequests:changeOrgRequestSetting
• apps/com.hornbill.servicemanager/ServiceSubscriptions:add

Below is the error i receive

2024/04/15 13:49:23 [ERROR] API call to retrieve key information from Keysafe failed: The API key being used does not have permission to access this keysafe record

[Steve Giller]

I'm not sure why you've posted the API Key rules - these are APIs that the API Key can be used to access. They have nothing to do with the KeySafe.

The error is stating that the API Key (i.e. the User the API Key is generated against) does not have permission to access the KeySafe record that you have specified in the config - either they do not have a relevant role or the record itself is limited to specific Users.

[Ilyaas]

thanks steve, in which case are you aware what could be the issue.

 

api key simply has the aforementioned rules as per wiki

subsequently in key safe area, i simply associated the relevant api key, added the instance id etc as normal

followed relevant OBD steps but get the error. i just figured i may not be the only one. any thoughts? before using an hourly credit we have i thought would try support and community forum first to see if could get anywhere with it as i have simply followed the step by step process

[Steve Giller]

What Roles does the User against whom the API was generated have?

[Ilyaas]

System administrator so full admin rights. 

[SamS]

Hi @ilyaas, could you please confirm that you have indeed used the API Key which is behind "contact import 2". If not, then add the API Key which you are using to that same list.

[Ilyaas]

Hi Sam, 

Yes used the same api key associated to "contact import 2" just checked it again to be sure and it is definitely the same. 

i vaguely recall previously it was either permissions as mentioned earlier or we amended the config file outside the standard to make it work.

[Steve Giller]

1 hour ago, ilyaas said:

System administrator so full admin rights. 

I'm slightly confused here, there is no Role called "System Administrator" - there is a "Super User" role but this does not mean it ignores the Security model.
The default Admin User is called "System Administrator" but likewise this does not automatically mean it has access to everything on the system.
More importantly, neither the System Administrator User nor the "Super User" Role (if that's the role you meant) should be used for anything except recovering from a catastrophic issue - e.g. your SSO config has broken and System Administrator is the only User who can use Direct Login.

[Ilyaas]

Thanks Steve.

Can you advise which roles are required in order to make this process work. i will select one of the admins and ensure they have the appropriate rights. feel free to list whatever is required to make this work and i will follow the relevant process.  

i would assume there is maybe a role already available? if not let me know the relevant details and i can create one to complete this scenario.

[SamS]

@ilyaas,

Could it be that the KeysafeKeyID in the configuration file is set as a string instead of an integer?

"KeysafeKeyID": "123"

whereas it should be:

"KeysafeKeyID": 123

Note the missing set of double-quotes.

I'm going by the source-code of the utility here and not by confirming it separately.

[Ilyaas]

Hi Sam,

Not sure although we have a new developer here so i had him create a process using the API which worked out better so used this method instead.

ilyaas