SOAP API | Create User request | AccountUser object | User ####### does not have permission to edit ACCOUNTUSERS on account (MID)
Trailblazer Community

SOAP API | Create User request | AccountUser object | User ####### does not have permission to edit ACCOUNTUSERS on account (MID)

Marketing Cloud Admin , Marketing Cloud API

Last updated 2020-08-05 ·Reference W-6610186 ·Reported By 8 users

Fixed in version Marketing Cloud Release July 2020

Summary
It is not currently possible to create a user on the AccountUser object via the SOAP API using an enhanced installed package.

Repro
Perform a SOAP API Create Request with the following body:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<fueloauth>{{OAuthToken}}</fueloauth>
</soap:Header>
<soap:Body>
<CreateRequest xmlns="http://exacttarget.com/wsdl/partnerAPI">
<Options>
<SaveOptions>
<SaveOption>
<PropertyName>*</PropertyName>
<SaveAction>UpdateAdd</SaveAction>
</SaveOption>
</SaveOptions>
</Options>
<Objects xsi:type="AccountUser">
<Client>
<ID>MID</ID>
</Client>
<PartnerKey xsi:nil="true"></PartnerKey>
<ObjectID xsi:nil="true"></ObjectID>
<UserID>********</UserID>
<Password>*********</Password>
<Name>MCTestAPIUser</Name>
<Email>test@test.com</Email>
<ActiveFlag>true</ActiveFlag>
<IsAPIUser>false</IsAPIUser>
<IsLocked>false</IsLocked>
<MustChangePassword>true</MustChangePassword>
<DefaultBusinessUnit>MID</DefaultBusinessUnit>
<AssociatedBusinessUnits>
<BusinessUnit>
<ID>MID</ID>
</BusinessUnit>
</AssociatedBusinessUnits>
<Roles>
<Role>
<ObjectID>e83967d5-0723-e811-83f2-00110a66cf25</ObjectID>
</Role>
</Roles>
</Objects>
</CreateRequest>
</soap:Body>
</soap:Envelope>

Observe the error below:

<StatusMessage>User ####### does not have permission to edit ACCOUNTUSERS on account (MID)</StatusMessage>

Workaround
Authenticate with fuelauth using V1 installed package credentials or username/password credentials.

Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.