when you create a user, api4thewin for example, you must grant it permissions or it will not be able to do anything except login to the UI where, if it doesn't have any permissions, it won't be able to see or do anything.
sometimes, even after granting your user the folio_admin permission set, an API attempt will result in a message that says you don't have permission to do what you want to do - and sometimes the permission that you need is not to be found among the permissions that you can give your user via the UI - at times like these the trick is to add the required permission via API rather than the UI
a users permission are not found in the users dbTable - rather they are found in the permissionUsers dbTable where, confusingly, the user is not the user but is, actually, the row in the table that associates a userId with a list of permissions
- permissionUsers
- id
- userId
- permissions
so, to see api4thewin's permissions get the userId from /users?query=username="api4thewin" and then get the permissions from /perms/users?query=userId="$userId"
to add a permission simply add it to the permissions array and PUT /perms/users/$id
for a complete list of permissions, including those that you won't find in the UI, GET /perms/permissions
see also perms