Is it possible to restrict an OAuth client’s access to specific divisions within a Genesys Cloud multi-tenant BPO structure without hitting the division filter limits on the API side? We’ve been trying to implement a Terraform module that provisions OAuth clients for different BPO partners, each needing access only to their assigned divisions. The issue arises when the client tries to fetch data outside their scoped divisions, resulting in 403 errors. We’ve set up the client with the necessary scopes (conversation:call:read, user:read), but the division filtering seems to require additional configuration. Here’s a snippet of our current Terraform setup:
resource "genesyscloud_oauth_client" "bpo_partner" {
name = "BPO Partner Client"
grant_type = "client_credentials"
scopes = ["conversation:call:read", "user:read"]
# Missing division scoping here
}
We’re looking for a way to enforce division-level access control directly on the OAuth client. Any insights on how to achieve this within the constraints of the Genesys Cloud API?