Looking for advice on a persistent 403 Forbidden error when attempting to publish weekly schedules via the WFM API (v1.18) using a service account assigned the ‘Compliance Auditor’ role. The goal is to automate schedule generation while maintaining strict audit trails, but the POST /api/v2/wfm/schedules/publish endpoint rejects the request despite the account having explicit ‘wfm:schedule:publish’ permissions granted in the org settings. The error payload indicates a lack of sufficient privileges, which contradicts the permission matrix documentation. This setup works perfectly for users with the standard ‘Workforce Management Admin’ role, suggesting a specific restriction or bug with the compliance-focused roles when interacting with the publish endpoint directly. We are operating in the us-east-1 region, and the API calls are originating from an internal automation script running in the America/Chicago timezone context, though the timezone itself seems irrelevant to the auth failure.
Has anyone successfully configured a non-admin role to handle automated schedule publishing without triggering this access denial? We have verified that the service account is active and not locked out, and other WFM endpoints like GET /wfm/schedules work without issue. The problem seems isolated to the write operation. We need this functionality to ensure that schedule changes are logged by a dedicated compliance identity rather than a generic admin account, which is a requirement for our internal security audits. Any insights into whether this is a known limitation of the ‘Compliance Auditor’ role or if there is a specific additional permission or role assignment required to bypass this 403 response would be greatly appreciated. We are currently blocked on moving our automation pipeline to production due to this security constraint.