Context:
Running automated deployment pipeline via GitHub Actions.
Environment: Genesys Cloud Org (EU-West)
Terraform Provider: 1.18.4
Genesys Cloud CLI: 2.4.1
Attempting to assign a custom IAM security profile to a user resource. The security profile exists and is valid. Manual assignment via UI succeeds immediately. Terraform apply fails consistently at the user resource block.
Error output:
Error: Error updating User "12345": 403 Forbidden
Message: "Insufficient privileges to perform this action."
The service account used for Terraform has the admin role and security-profile:write permissions, verified via genesyscloud_auth_service_account debug logs. The profile ID is correct.
resource "genesyscloud_user" "agent" {
  name                 = "Test Agent"
  email                = "[email protected]"
  security_profile_ids = [var.custom_profile_id]
}
Relevant API call seems to be hitting /api/v2/users/{userId} but returns 403 specifically when the securityProfileIds array is populated.
Question:
Is there a known bug in provider 1.18.4 regarding security profile binding? Or is there a specific permission grant required beyond standard admin roles for programmatic IAM updates? Looking for workarounds or confirmation if this is a backend API restriction.