Issue
When a user account is restricted to a single application in Fusion, attempts to import objects such as datasources, query pipelines, and index pipelines may fail with an "Unauthorized" error. Similarly, adding, displaying, or sorting fields in Query Workbench may also trigger unauthorized access errors.
Diagnosis
Verify the issue by:
Attempting to import an object (for example, a datasource or query pipeline) under a single-app access role.
Attempting to add or sort fields in Query Workbench.
If either action returns an "Unauthorized" error, the role permissions may be incomplete.
Environment
Fusion 5.9.2 and above
Applies to roles restricted to a single application.
Cause
The role assigned to the affected user lacks required API endpoint permissions for object import operations and Query Workbench field management.
Resolution
Update the role permissions to include the necessary API endpoints. Add the following permissions to the affected role:
POST,GET,HEAD,DELETE,PUT:/datasources/**
POST,DELETE,GET,HEAD,PUT:/api/**
POST,GET,HEAD,DELETE,PUT:/blobs/**
POST,GET,HEAD,DELETE,PUT:/collections/*
POST,GET,HEAD,DELETE,PUT:/configurations/**
POST,GET,HEAD,DELETE,PUT:/index-pipelines/**
POST,GET,HEAD,DELETE,PUT:/query-pipelines/**
GET,POST,PUT,HEAD:/index-profiles/**
GET,POST,PUT,HEAD:/parsers/**
GET,POST,PUT,HEAD:/prefs/apps/search/*
GET:/spark/schema
GET,POST,PUT,DELETE,HEAD:/links/**
GET,POST,PUT:/objects/**
GET,POST,PUT,DELETE,HEAD:/groups/**
POST,GET,PUT:/schema/fields/**
POST,GET,PUT:/suggestions/**Steps to apply changes:
In the Fusion UI, navigate to Access Control → Roles.
Select the role assigned to the affected user.
Add the above API permissions.
Save the role changes.
Test by importing objects and adding/sorting fields in Query Workbench to confirm the error no longer occurs.