StdErrorsUnauthorized

The Unauthorized error indicates that the user is not authorized to perform the operation. API requests may include a security context containing user credentials. For example, the user credentials could be a SAML token, a user name and password, or the session identifier for a previously established session. Invoking the operation may require that the user identified by those credentials has particular privileges on the operation or on one or more resource identifiers passed to the operation.

Examples:

  • The operation requires that the user have one or more privileges on the operation, but the user identified by the credentials in the security context does not have the required privileges.
  • The operation requires that the user have one or more privileges on a resource identifier passed to the operation, but the user identified by the credentials in the security context does not have the required privileges.

Counterexamples:

  • The SAML token in the request’s security context has expired. A Unauthenticated error would be used instead.
  • The user name and password in the request’s security context are invalid. The Unauthenticated error would be used instead.
  • The session identifier in the request’s security context identifies a session that has expired. The Unauthenticated error would be used instead.

For security reasons, the Error.data field in this error is unset, and the Error.messages field in this error does not disclose why the user is not authorized to perform the operation. For example the messages would not disclose which privilege the user did not have or which resource identifier the user did not have the required privilege to access. The API documentation should indicate what privileges are required.


Properties

object
data Optional

Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports. The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations.

Some operations will not set this field when reporting errors.


error_type Optional

Discriminator field to help API consumers identify the structure type. Can be unset for compatibility with preceding implementations.

Possible values are: ERRORALREADY_EXISTSALREADY_IN_DESIRED_STATECANCELEDCONCURRENT_CHANGEFEATURE_IN_USEINTERNAL_SERVER_ERRORINVALID_ARGUMENTINVALID_ELEMENT_CONFIGURATIONINVALID_ELEMENT_TYPEINVALID_REQUESTNOT_ALLOWED_IN_CURRENT_STATENOT_FOUNDOPERATION_NOT_FOUNDRESOURCE_BUSYRESOURCE_IN_USERESOURCE_INACCESSIBLESERVICE_UNAVAILABLETIMED_OUTUNABLE_TO_ALLOCATE_RESOURCEUNAUTHENTICATEDUNAUTHORIZEDUNEXPECTED_INPUTUNSUPPORTEDUNVERIFIED_PEER


messages Required

Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked. Each subsequent message in the stack describes the “cause” of the prior message.

JSON Example

{
    "messages": [
        {
            "args": [
                "string"
            ],
            "default_message": "string",
            "id": "string"
        }
    ]
}
Feedback

Was this page helpful?