I currently use the Web API functionality in ePO to find a delete computers that have been retired as part of an overall automation process.
The current permission set gives a high level of permissions that the account used for this purpose doesn't need.
However looking at the information regarding the permissions required I've given the account the following:
Systems: edit system tree groups and systems, wake up agent, view agent activity log, view system tree tab.
System Tree access: Can search/access from My Organization downlevel.
Despite this in the audit log I see the message "Authorization failed" for the actions FindEPOComputers and Execute Query.
So, what's missing in terms of permissions? The account can logon without issue.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center