[BUG] mcdev init fails if installed package has insufficient privileges

[JoernBerkefeld]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

Expected Behavior

it should guide the user to update the permissions and afterwards wait for 10 minutes (because it takes time to cascade the updated permissions into every server of sfmc and it might fail if you try right after adding the crednetials (does not apply to new installed packages)

Steps To Reproduce

1. Go to '...'
2. Click on '....'
3. Run '...'
4. See error...

Version

4.3.4

Environment

• OS:
• Node:
• npm:

Participation

• [X] I am willing to submit a pull request for this issue.

Additional comments

No response

[FiB3]

Hey @JoernBerkefeld, Maybe it would be also a good idea, to allow to use the mcdev tools with less API scopes (of course with limited functionality), as it seems that the tool is unusable without full access. Hence a no-no for security-strict orgs.

Suggestion: The tool (on the init) tests the scopes. For all that would be not allowed, it would disable working with given Metadata (object).

[JoernBerkefeld]

hi @FiB3 good thinking, but it's not that mcdev doesn't allow it: it will try to do whatever it can and simply issue a generic warning if access is missing. it does not test for anything in particular but instead simply fails eventually - based on the APIs returning errors.

in this bug, us not testing actually led to a malfunction and I was hoping to make things more intuitive eventually.

with that said, my current client is also picky about access and hence I created a serious of new tickets to cover a more common scenario:

• 1186

[FiB3]

Ah ok, but still, mcdev did not initialised for me yesterday. With following:

...
? MID of Parent Business Unit 00000000
13:34:30 warn: Installed package has insufficient access. You might encounter malfunctions!
13:34:30 warn: Missing scope: accounts_read, accounts_write, approvals_read, approvals_write, calendar_read, calendar_write, campaign_read, campaign_write, contact_bu_mapping_create, contact_bu_mapping_delete, contact_bu_mapping_update, contact_bu_mapping_view, deep_linking_asset_delete, deep_linking_settings_read, deep_linking_settings_write, dfu_configure, event_notification_callback_create, event_notification_callback_delete, event_notification_callback_read, event_notification_callback_update, event_notification_subscription_create, event_notification_subscription_delete, event_notification_subscription_read, event_notification_subscription_update, file_locations_read, file_locations_write, journeys_aspr, journeys_delete, journeys_execute, key_manage_revoke, key_manage_rotate, key_manage_view, marketing_cloud_connect_read, marketing_cloud_connect_send, marketing_cloud_connect_write, ott_channels_read, ott_channels_write, ott_chat_messaging_read, ott_chat_messaging_send, package_manager_deploy, package_manager_package, push_read, push_send, push_write, sms_read, sms_send, sms_write, social_post, social_publish, social_read, social_write, tags_read, tags_write, tracking_events_write, users_read, users_write, webhooks_read, webhooks_write, workflows_read, workflows_write
13:34:30 info: Loading BUs
13:34:30 error: Credentials failure. SOAPError: API Permission Failed.
 $ mcdev retrieve
13:43:38 info: mcdev:: Retrieve
13:43:38 error: Could not find .mcdevrc.json in /my/path/.../.
13:43:38 error: Run 'mcdev init' to initialize your project.

Seems to me, that there's some API call, that failed due to a missing permission. :(

As per the new ticket - my Installed Package is in Parent BU, however it does not have all the permissions. So the issue seems to be a bit different (with the same outcome).

[JoernBerkefeld]

it failed when trying to load BUs. Since you entered "00000000" for the parent BU's MID I'm assuming you don't know it & didn't have access to it. The current solution requires that because it's used in multiple areas (for anything shared basically) That's exactly the case that these other tickets are supposed to tackle.

This ticket on the other end, is supposed to make it easier for you to understand the typical problems (including yours) more easily.

[FiB3]

U just anonymised the output. :D I put the correct Main BU MID. :)

[JoernBerkefeld]

ah, in that case, it's likely the missing accounts_read permission - just a guess. Working out what permission allowed what was never high on my list for mcdev TBH.