Pivotal Knowledge Base


PWS - the CLI returns an "error code: 10003" and/or "status code: 403"


Pivotal Web Services (PWS): All versions 


When running one of the following command with the cf command line client, you receive an error: 

Error Message:

"error code: 10003, message: You are not authorized to perform the requested action"

"Server error, status code: 403, error code: access_denied, message: Access is denied"

"Server error, status code: 403, error code: 10003, message: You are not authorized to perform the requested action"

  • to create and modify buildpacks (create-buildpack, update-buildpack, rename-buildpack and delete-buildpack)
  • to modify users (create-user, delete-user)
  • to create and modify organizations (create-org, delete-org, set-quota, create-quota, delete-quota and update-quota)
  • service administration (service-auth-tokens, create-service-auth-token, update-service-auth-token, delete-service-auth-token, service-brokers, create-service-broker, update-service-broker, delete-service-broker, rename-service-broker, migrate-service-instances, purge-service-offering)
  • security groups administration (security-group, security-groups, create-security-group, update-security-group, delete-security-group, bind-security-group, unbind-security-group, bind-staging-security-group, staging-security-groups, unbind-staging-security-group, bind-running-security-group, running-security-groups, unbind-running-security-group)
  • create or delete shared domains (create-shared-domain, delete-shared-domain)
  • enable or disable the use of a feature so that users have access to and can use the feature (feature-flags, feature-flag, enable-feature-flag, disable-feature-flag)
  • org quotas (create-quota)


PWS is built on Cloud Foundry and uses the latest CF CLI application. This application supports individual developer actions and cloud-wide actions. Those cloud-wide or org-wide actions are not permitted for PWS subscribers.  

The commands that are NOT available to PWS users are listed above.


Some of the administration commands that are not allowed using the cf cli application can be performed through the developer console. For example, you can utilize the console to create new orgs, invite users to those orgs and manage user permissions.



Powered by Zendesk