Api failed because user role does not have access to the resource

Yea, we intentionally siloed the client_credentials grant to using the FHIR apis. The security review by the admin team felt standard apis weren’t built at that time to handle an unrestricted super admin that bypasses all the ACL checks.

Right now client_credentials locks you down to that system user role, users and patients roles are established through one of the other grant types. I recognize this is probably going to be a pain point for what you are trying to do.

I’d like to revamp that whole permissions check (which as you can tell is pretty gnarly), but I haven’t been able to get it yet.