HTTP status   403 Forbidden
Code          forbidden
Retry?        No — request additional permissions.

When this happens

The request authenticated successfully but the credential lacks the permission needed to perform the action. Common causes:
  • The API key is missing a scope (e.g. it tries to delete a policy while holding only policy:read).
  • The credential belongs to tenant A but the request targets a resource in tenant B (a cross-tenant access attempt).
  • The role attached to the user does not allow the action (e.g. a viewer trying to mutate something).
  • A specialised case: the JWT user has not verified their email — see email_not_verified which surfaces with the same 403 status but a different code.

Example response

{
  "detail": "Permission denied: missing scope policy:delete.",
  "code": "forbidden",
  "request_id": "5b3f6c7e-7d24-4d40-9b12-3a59c01c6e91",
  "doc_url": "https://docs.lasscyber.com/errors/forbidden"
}

How to fix

  1. Compare the action you attempted against the role matrix.
  2. If you control the API key, mint one with the right scope set.
  3. If you are a member without the right role, ask an owner or admin to grant it.
  4. If the resource simply belongs to a different tenant, switch tenants in the dashboard or use a key from the right tenant.

SDK behaviour

SDK          Exception
Python       agnes.PermissionError
TypeScript   PermissionError
SDKs do not retry 403s — there is no recovery without a permission change.
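
A client that calls the API over plain HTTP can apply the same rules. The sketch below is an added example, not code from the SDKs: it branches on the machine-readable code instead of the detail text, never retries, and keeps request_id for the permission request or support ticket. The names handle_403 and Denial, the action labels, and the email_not_verified code string and sample body are assumptions.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample bodies, modelled on the example response on this page.
SAMPLE_FORBIDDEN = json.dumps({
    "detail": "Permission denied: missing scope policy:delete.",
    "code": "forbidden",
    "request_id": "5b3f6c7e-7d24-4d40-9b12-3a59c01c6e91",
    "doc_url": "https://docs.lasscyber.com/errors/forbidden",
})
SAMPLE_UNVERIFIED = json.dumps({
    "detail": "Email address not verified.",  # constructed wording
    "code": "email_not_verified",  # assumed to match the linked page name
    "request_id": "00000000-0000-4000-8000-000000000000",  # constructed
})


@dataclass(frozen=True)
class Denial:
    code: str
    retry: bool  # always False: a 403 needs a permission change, not a retry
    action: str  # hypothetical labels for the caller to act on
    request_id: Optional[str]
    detail: str


def handle_403(status: int, raw_body: str) -> Optional[Denial]:
    """Classify a 403 by its code field; return None for any other status."""
    if status != 403:
        return None
    try:
        body = json.loads(raw_body)
    except ValueError:
        body = {}  # not JSON, e.g. an HTML page from a proxy or WAF
    if not isinstance(body, dict):
        body = {}
    code = body.get("code") or "unknown"
    if code == "email_not_verified":
        action = "verify_email"
    elif code == "forbidden":
        action = "request_permission"
    else:
        action = "escalate"  # 403 without a recognised code
    return Denial(code, False, action, body.get("request_id"),
                  str(body.get("detail", "")))
```

Logging the returned request_id and code for every denial also gives reviewers a trail for spotting repeated cross-tenant or out-of-scope attempts from one credential.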