"You don't have permission to access this." when displaying Directus User in a list in the built-in Directus UI about directus HOT 2 CLOSED

I dug deeper and found, that the following query is issued in the case of the "Unknown user":

https://directus-mycv.my.family/users/eff301fd-341c-4ef0-a12b-2a158f3e0a2a?fields[]=id&fields[]=first_name&fields[]=last_name&fields[]=avatar.id&fields[]=role.name&fields[]=status&fields[]=email

However, the following query works properly:

https://directus-mycv.my.family/users?id=eff301fd-341c-4ef0-a12b-2a158f3e0a2a?fields[]=id&fields[]=first_name&fields[]=last_name&fields[]=avatar.id&fields[]=role.name&fields[]=status&fields[]=email

Note the users?id=... instead of sers/<id>?....

This one users?id=... is not a valid API call, it will work as in the id parameter will get ignored and it will just list the users you have access to as the /users endpoint would without the ?id= parameter.

If you're seeing a "permission denied error" in an admin account then that is likely caused by the specific ID not existing. In this specific case it looks like you're trying to use the built-in "Users" display with a non-system users table likely causing it to query system users with a custom user collection ID.

from directus.

The issue is I am receiving the 403 with this URL:
https://directus-mycv.my.family/users/eff301fd-341c-4ef0-a12b-2a158f3e0a2a?fields[]=id&fields[]=first_name&fields[]=last_name&fields[]=avatar.id&fields[]=role.name&fields[]=status&fields[]=email.

The user absolutely does exist.

However: I think you are right: I tried to apply the User-Display to my custom user - which does not work. So it was a mistake on my end.

Thank you for your response!

from directus.