MCAS API token error - "the owner of this token is not permitted to use tokens"

New Contributor

Hi All,


We trying to use MCAS API to upload Discovery log for one of the data source configured in the tenant. As steps provided in the document, we are trying to initialize file upload using below API call:



curl -XGET -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>"




Even though API token is generated by a Global administrator in Azure AD, still it shows error as: 

{"detail":"Invalid user - the owner of this token is not permitted to use tokens"}


Can you please help me debug this issue?




2 Replies
Is the token issued by the tenant administrator, not the guest administrator?
We have confirmed that the token issued by the external administrator of MCAS cannot be used.
best response confirmed by subhajitdey01 (New Contributor)
Thanks for the information @shoando. We found out that even though a user has full access to MCAS by virtue of Global Admin or Security admin role in Azure AD, the user needs to be explicitly assigned Global admin role from MCAS portal under Manage Admin Access, then only the token can be used for uploading logs.