Closed kalebscholes closed 1 year ago
I'm having an issue testing the user endpoints because I keep getting the following error:
rpc error: code = PermissionDenied desc = No matching permissions found (AUTH-AWfge)
Any ideas on which permission I may be missing?
@kalebscholes Can you give an example of which endpoints you have that problem on? I am not sure, but I think on some endpoints the requesting user has to be the manipulated user, as it's things that only the users themselves can do. E.g. verifying a passkey. @stebenz @muhlemmer Is that correct?
For most user/v2beta calls user.write permission would work or the user itself.
user.write permission is currently set in defaults.yaml to the following Roles:
IAM_OWNER
IAM_ORG_MANAGER
IAM_USER_MANAGER
ORG_OWNER
ORG_USER_MANAGER
In a typical use case, one would set up a service user in an organization and give him ORG_OWNER or ORG_USER_MANAGER permissions on that organization. You can do this in the console.
A user is also allowed to change its own details. For this you need a session token from the session/v2beta API. Some endpoints, like the u2f config, are only allowed by the user itself, because it wouldn't make sense for an API user to have access to the relevant hardware key.
If you have any more questions, I would recommend joining our discord at https://zitadel.com/chat. A PR is not the correct place to have this kind of discussion.
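A simplified model of the access decision described in the answer above, as an added example that is not Zitadel's code: the role list is taken from the thread, while the `Grant`, `Caller`, `Target` and `Authorize` names, the org-scoping rule and the sample IDs are assumptions made for illustration.

```go
package main

import "fmt"

// Roles that hold user.write according to the thread (defaults.yaml).
var userWriteRoles = map[string]bool{
	"IAM_OWNER": true, "IAM_ORG_MANAGER": true, "IAM_USER_MANAGER": true,
	"ORG_OWNER": true, "ORG_USER_MANAGER": true,
}

// Grant is one role membership. OrgID is empty for instance-level roles;
// that scoping rule is an assumption of this model.
type Grant struct{ Role, OrgID string }

// Caller is the authenticated requester: a service user or a session user.
type Caller struct {
	UserID string
	Grants []Grant
}

// Target is the user being changed and the organization that owns it.
type Target struct{ UserID, OrgID string }

// Authorize returns nil when the call is allowed. selfOnly marks endpoints
// such as the u2f ones, which only the user itself may call.
func Authorize(c Caller, t Target, selfOnly bool) error {
	if c.UserID == t.UserID {
		return nil // a user may change its own details
	}
	if selfOnly {
		return fmt.Errorf("PermissionDenied: endpoint is limited to the user itself")
	}
	for _, g := range c.Grants {
		if userWriteRoles[g.Role] && (g.OrgID == "" || g.OrgID == t.OrgID) {
			return nil
		}
	}
	return fmt.Errorf("PermissionDenied: no user.write role for org %q", t.OrgID)
}

func main() {
	// Constructed sample: a service user managing users in org-a only.
	svc := Caller{UserID: "svc-1", Grants: []Grant{{Role: "ORG_USER_MANAGER", OrgID: "org-a"}}}
	fmt.Println(Authorize(svc, Target{UserID: "u-1", OrgID: "org-a"}, false))
	fmt.Println(Authorize(svc, Target{UserID: "u-1", OrgID: "org-b"}, false))
	fmt.Println(Authorize(svc, Target{UserID: "u-1", OrgID: "org-a"}, true))
}
```

In this model a service user with a matching role is still rejected on self-only endpoints, which is the case where a session token for the user itself is required.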