We have been building some automation on behalf of a client (domain `one-bemobi`), to create and populate Atlassian teams to be used in compass from some external data source. Our customer is on a paid plan.
We used the `/gateway/api/public/teams/v1/org/{org_id}/teams/` endpoint to create the teams, but originally made the mistake of creating the teams as "member invite" rather than "open". The user account whose token we are using is no longer part of these teams, and as a result we can no longer manage these teams via the API (we cannot add new members, nor change the team type to open) - so we have a bunch of "out-of-sync" teams that we can neither modify nor delete via the API.
The error we get when updating team members is:
[{
'code': 'UNAUTHORIZED_ACCESS',
'message': 'The user is not authorized to invite other members to the team.'
}]
Similarly, this is the error we get when updating the team membership type (patch request to `/gateway/api/v4/teams/{team_id}`):
{"messages":["Need to be a full member to perform this operation"]}
The user whose token we use is part of the following relevant groups (among others):
['administrators',
'atlas-admins-one-bemobi',
'compass-admins-one-bemobi',
'jira-administrators',
...
'site-admins',
'users'
]
However even with those, they aren't able to modify the membe invite teams.
Within a different organisation, we use a token that belongs to `org-admins` and that works correctly - it lets us perform those team update operations.
I am wondering what is the correct permission/group that the user should be a part of (I think `org-admin` is not an option in that case), and recommended steps to sort this out.