We are currently migrating to OIDC where we need to give access through access groups linked to Azure AD.
On our Statnett cluster it seems that a user needs to explicitly be member of a group “transformations” in order to to delete (or edit) a transformation.
The admin group has the capabilities (on “test”)
{'transformationsAcl': {'actions': c'READ', 'WRITE'], 'scope': {'all': {}}}}]
But we need to login to the legacy login without OIDC and have a service account linked explicitly to the group “transformations” in order to delete a transformation. The group “transformations” has no capabilities set.
I have tried both Fusion and the API/python-SDK (read is possible):
CogniteAPIError: Transformation not found. This may also be due to insufficient access rights. | code: 403 | X-Request-ID: b7c0beb6-d3e0-9ec4-ba50-895533ac1996