I'm triggering puppetruns through the Foreman API like so:

curl -XPUT -u "myuser:mypassword" https://foreman/api/hosts/testhost/puppetrun

"myuser" has the puppetrun_hosts permission (unlimited) through an assigned role. This used to work when our setup was running v1.17, but sometime between then and upgrading (through intermediaries) to v1.20.1, I get this error response instead:

{
"error": {"message":"Access denied","details":"Missing one of the required permissions: "}
}

I'm not sure if it's meant to be required, but the user also has unlimited view_hosts and a few other permissions.

If the permission requirements have indeed changed, then there is at least a bug here where the required permissions aren't being reported properly.

It works when making the same API call with an admin user - is there a permission I can add to the non-admin user to make this work in Foreman 1.20?