I am submitting a GET call to our OIM endpoint which is supposed to search all users for anybody with a mail value set to 'testaccount4343@test.test' but I'm getting a 401 Unauthorized response with the message,
"IAM-3054140 : You do not have permission to search the following user attributes: mail."
I'd created an admin user for the application I created for use in authorization of these calls and guessed that the permissions of that account may be insufficient, even though they've worked in all other calls. I tried changing them to the xelsysadm user, but it still kicks back the same error.
The URI of my request winds up looking like this: /iam/governance/selfservice/api/v1/users/?q=mail%20eq%20%27testaccount4343@test.test%27
I also tried changing the query from mail to userName, uid, and Last Name and the result is the same.
I can provide a full call if that would help, or if there's anything else I can provide that would help, please let me know.
Also, for clarification, I'm attempting to lookup the usrKey value of a user account using their User Id or email address. I'd provided a SCIM call for this purpose that works better, but that's encountering a CORS issue for the project team that doesn't make any sense and that I cannot overcome.