ZITADEL•4w ago•

18 replies

Issue with UpdateUser API - Missing `user.write` Permission on Self-Hosted Zitadel

🏬Self-hosted❌Unsolved🪲Bugs

Hi everyone

I'm experiencing an issue with the UpdateUser API (

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

) on our self-hosted Zitadel instance and need help understanding the permission requirements.

Context:
- Using Zitadel self-hosted via Helm in our dev environment
- Using a Personal Access Token (PAT) for authentication
- Local setup with Docker Compose works fine

- Dev environment (Helm) returns permission errors

The Problem:
According to the Zitadel V2 API docs, the

UpdateUser

UpdateUser

endpoint requires the

user.write

user.write

permission.

However, when I create a PAT in our Helm-deployed instance, I don't see an option to grant

user.write

user.write

permission, and API calls fail with permission errors.

What Works:
- Local Docker Compose setup: PAT can successfully call

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

- The PAT can call other endpoints like

POST /v2/users/human

POST /v2/users/human

(user creation)

What Doesn't Work:
- Dev environment (Helm): Same PAT setup fails on

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

- Possibly related to different Zitadel versions between Docker Compose and Helm?

Questions:
1. How do I explicitly grant

user.write

user.write

permission to a PAT in self-hosted Zitadel?
2. Are there differences in permission models between Zitadel versions?
3. Is there a specific Helm configuration needed to enable these permissions?
4. Should I be using a different authentication method (e.g., service account with specific roles)?

ZITADEL•4w ago•

18 replies

NinjqTune

Issue with UpdateUser API - Missing `user.write` Permission on Self-Hosted Zitadel

🏬Self-hosted❌Unsolved🪲Bugs

Hi everyone

I'm experiencing an issue with the UpdateUser API (

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

- Dev environment (Helm) returns permission errors

The Problem:
According to the Zitadel V2 API docs, the

UpdateUser

UpdateUser

endpoint requires the

user.write

user.write

permission.

However, when I create a PAT in our Helm-deployed instance, I don't see an option to grant

user.write

user.write

permission, and API calls fail with permission errors.

What Works:
- Local Docker Compose setup: PAT can successfully call

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

- The PAT can call other endpoints like

POST /v2/users/human

POST /v2/users/human

(user creation)

What Doesn't Work:
- Dev environment (Helm): Same PAT setup fails on

PATCH /v2/users/{userId}

PATCH /v2/users/{userId}

- Possibly related to different Zitadel versions between Docker Compose and Helm?

Questions:
1. How do I explicitly grant

user.write

user.write

Issue with UpdateUser API - Missing `user.write` Permission on Self-Hosted Zitadel

Similar Threads

Issue with UpdateUser API - Missing `user.write` Permission on Self-Hosted Zitadel

Similar Threads

Similar Threads

Similar Threads