I'm trying to figure out what permissions to apply for a new account role (top-level account). The role would only use GET calls and I have everything figured out except for /api/v1/users/:user_id/courses.

I have the following permissions set:

• SIS Data - read
• Course Content - view
• Users - view list
• Grades - view all grades

With those permissions I am able to retrieve results for /api/v1/users/:user_id/enrollments, but not for /api/v1/users/:user_id/courses.

I've tried setting "Courses - view list" and "Users - act as", but they don't seem to make a difference...I still receive 401 unauthorized.

Does anyone have a clue what permissions need to be set for the role in order to return results for /api/v1/users/:user_id/courses?