Does Workday Accounts need Modify to fetch group attributes when using OAuth 2.0?

When setting up the Workday Accounts connector, we noticed that inorder to read the COMMENT (description) and DESCRIPTOR (name) of the entitlements, it is necessary to use OAuth 2.0. Currently we had it set up and working with Basic Auth, but it was not pulling in those 2 fields.

We are currently reconfiguring it to use OAuth 2.0, and have a user configured, but in looking at the permissions, I am seeing that Modify Access is needed to Fetch these two fields, not just read. See #4 in the documentation: OAuth 2.0 Authentication

Is there a reason that Modify Access is needed to Fetch these 2 fields, or will Read work. We do not plan to write back to these fields, and just want to bring in the Description values for the USER_BASED_SECURITY_GROUP entitlements.

I wanted to follow up. We did test this, and having just the read only permissions FAILS, so you must have the modify too.

We were asked this question again to day and without knowing exactly which endpoints are being used by the connector, I can’t look myself to see why this is a requirement.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.