I’m encountering a frustrating permission issue with our document control integration. We’re using the REST API to bulk upload SOPs and work instructions, but the uploads consistently fail with a 403 Forbidden error.
The strange part: the same user account can upload documents individually through the UI without any issues. The API service account has the “Document Administrator” role assigned, which should have full permissions.
POST /api/documents/bulk-upload
Authorization: Bearer {token}
Response: 403 {"error": "Insufficient permissions for bulk operations"}
We’ve verified the authentication token is valid and the role assignments are correct in the UI. Is there a separate permission setting for bulk API operations that I’m missing? This is blocking our migration from our legacy DMS system.
Another thing to check - does your document control module have workflow states that restrict bulk operations? Some organizations configure their document workflows to prevent bulk uploads during certain approval states to maintain audit trail integrity. The UI might bypass this for individual uploads but the API enforces it strictly.
Have you verified the document type permissions specifically? Even with Document Administrator role, bulk uploads require explicit permissions for each document type you’re trying to upload. If you’re uploading SOPs and Work Instructions, you need to ensure the role has “Create” permissions enabled for both document types in the Document Type Security matrix.
Check the API-specific permissions in your role configuration. In ETQ 2021, bulk operations have separate permission flags that aren’t automatically granted even with Document Administrator role. Navigate to Admin > Security > Roles and look for the “API Bulk Operations” permission checkbox.
In my experience with ETQ 2021, the 403 error for bulk operations usually indicates one of three issues: the role lacks the specific “Bulk Operations” permission flag, the API user account isn’t properly licensed for API access (separate from UI licensing), or there’s an IP whitelist restriction on the API endpoint. Check your API access logs to see if the request is even reaching the authorization layer or being blocked earlier in the chain.
I ran into this exact scenario during our ETQ implementation. The issue is that ETQ distinguishes between UI permissions and API permissions at the role level. Even though your user has Document Administrator role, that role might not have the “API Access” permission enabled.
Go to Admin > Security > Roles > Document Administrator and check these specific settings:
API Access Enabled (checkbox)
Bulk Upload Limit (might be set to 0)
API Rate Limiting (could be blocking your requests)
Also verify that your API authentication is using the correct endpoint. ETQ 2021 has different auth endpoints for UI sessions versus API tokens.