We have a few users who only need API Token access to edit DNS and Page Rules. I do not want them to have Administrator access.
Regardless of the combination of user permissions (not including admin or super admin), the user would always get the following error when trying to create an api token with DNS edit, Page Rule edit, and specific to a single zone:
‘Failed common permission check against resources. (Permission group: “Page Rules Write”) (Code: 1001)’
I eventually select ALL permissions, except Admin and Super Admin and the user still received the same error when creating the API token.
I then removed all access and assigned only ‘Administrator’ to the user, and he was then able to create the API token with the permissions described above.