OpenBankingProject, for api call `create custom view`. How to grant the `cancreatecustomview` permission


I am using the Open Bank Project API Sandbox. My issue occurs when performing the API call Create a custom view on bank account.

I am getting

{code: 400, message: OBP-20022: View does not permit the access. You need the cancreatecustomview permission on any your views}

Context:
After using a consumer app user-id to obtain a direct login token, I then sequentially and successfully perform the following API calls:
create a second bank user, create a customer, create a user-customer-link for the second-user, create an account with second-user-id. Everything is good.

At this point I need to create a custom view for the account following the steps here. Following these steps I receive the status 400 OBP-20022 above.

I have copied the full trace below.

From the trace it appears to be a permissions issue; however, when I try to add the cancreatecustomview role, the API reports that it does not exist.

API request and response, truncated for readability:

request url https://obplite/obp/v5.1.0/banks/wl.1.uk/accounts/{USER_ID}/views

The JSON body is the custom view; here I have shortened the long list of view permissions with .....

{"name":"_test","description":"This view is for family","metadata_view":"_test","is_public":true,"which_alias_to_use":"family","hide_metadata_if_alias_used":false,"allowed_actions":["can_see_transaction_this_bank_account", .....    "can_see_transaction_other_bank_account", "can_create_standing_order"]}

response {code: 400, message: OBP-20022: View does not permit the access. You need the cancreatecustomview permission on any your views}

Interpreting the response as a direction to grant the role cancreatecustomview:

request url https://obplite/obp/v5.1.0/users/db40238c-8109-41ff-a605-9559291a4f4b/entitlements

request body {"role_name":"CanCreateCustomView","bank_id":"wl.1.uk"}

The response includes a long list of roles, shortened for readability:

 {code: 400, message: OBP-10007: Incorrect Role name:CanCreateCustomView. Possible roles are CanAddKycCheck, CanAddKycDocument, ..............., CanUseAccountFirehoseAtAnyBank, CanUseCustomerFirehoseAtAnyBank}

In the grant role response above, the list of roles does not include CanCreateCustomView. Any help or feedback much appreciated.


There are 2 answers

0
HHH On

CanCreateCustomView is not a role; it is a permission inside the views.

Please join https://chat.openbankproject.com/ and ask your question to the Open Bank Project team; they can help you there.

0
Nigel Savage On

The solution here was 2 more API calls and an update in the Scala properties.

Details:

  1. To grant the needed cancreatecustomview permission, you need to call the Grants User access to view.

    Request

    url like /obp/v5.1.0/banks/BANK_ID/accounts/ACCOUNT_ID/account-access/grant
    body like

    { "user_id":"userwithaccount-ID", "view":{ "ManageCustomViews":"owner", "is_system":true }}

    For this to work the user id must have an account, that is, the account table row has this user id, AND the user id must have been granted the "CanCreateSystemView" role.

  2. After you have successfully set the ManageCustomViews system view, you need a second API call to update/refresh the user's permissions.

    Request

    url like /obp/v5.1.0/users/USER_ID/refresh

    At this point this user can create custom views and you are past the cancreatecustomview permission error above.

  3. In the case your custom view is a public view, you need to update the Scala code's default.props and set the property allow_public_views=true; it defaults to false.

With these steps I was able to get past the OBP-20022 and create custom views.
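
The steps in the answer above, modelled as an offline checklist (an added example, not code from the original posts or from the Open Bank Project). The function names and the `state` keys are hypothetical, the sample inputs are constructed from the question, and no request is sent.

```python
import re

# Error codes quoted in the question; the hints paraphrase the two answers.
ERROR_HINTS = {
    "OBP-20022": "view permission missing: grant account access on a view, not an entitlement",
    "OBP-10007": "not a role: the entitlements endpoint only accepts the listed role names",
}

def triage(message):
    """Map an OBP error message to the mechanism that resolves it (None if unknown)."""
    m = re.search(r"OBP-\d{5}", message)
    return ERROR_HINTS.get(m.group(0)) if m else None

def outstanding_steps(state, view_body, bank="BANK_ID", account="ACCOUNT_ID", user="USER_ID"):
    """Return, in order, the steps from the answer that are still missing.

    `state` is a hypothetical summary of what has already been done for the user.
    """
    base = "/obp/v5.1.0"
    steps = []
    if not state.get("has_account"):
        steps.append("user must own an account")
    if "CanCreateSystemView" not in state.get("roles", ()):
        steps.append("grant role CanCreateSystemView")
    if not state.get("access_granted"):
        steps.append(f"{base}/banks/{bank}/accounts/{account}/account-access/grant")
    # A refresh is needed after every new grant, even if one was done earlier.
    if not state.get("access_granted") or not state.get("refreshed"):
        steps.append(f"{base}/users/{user}/refresh")
    # Public views are disabled by default on the server side.
    if view_body.get("is_public") and not state.get("allow_public_views"):
        steps.append("default.props: allow_public_views=true")
    return steps

# Constructed sample: the asker's situation before applying the answer.
QUESTION_ERROR = "OBP-20022: View does not permit the access."
ASKER_STATE = {"has_account": True, "roles": set(), "access_granted": False,
               "refreshed": False, "allow_public_views": False}
ASKER_VIEW = {"name": "_test", "is_public": True}

if __name__ == "__main__":
    print(triage(QUESTION_ERROR))
    for step in outstanding_steps(ASKER_STATE, ASKER_VIEW):
        print("-", step)
```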