Comment 0 for bug 1676425

Thomas Maddox (thomas-maddox) wrote :

Though 401 is the code for "Unauthorized" in the HTTP specification, it's typically used to communicate that you're lacking valid credentials, not for whether you have discrete permissions on some resource. Usually 403 is used in this case to communicate that they are a valid user, but they do not have permissions to perform the action on the specified resource.

https://github.com/openstack/craton/blob/master/craton/exceptions.py#L68

As a result, I think it makes sense to change to using 403 Forbidden when the valid user does not have permissions for the specified action on the specified resource.
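To make the 401/403 distinction the comment describes concrete, here is an added example of an authorization check that returns 401 only when the caller presents no valid credentials and 403 when a valid user lacks permission. This is illustration written for this page, not Craton's code: the X-Auth-Token header handling, the token table, the policy table and the Decision type are all constructed assumptions.

```python
# Added example (not Craton's code): distinguishing 401 from 403 in an
# authorization check. The token and policy tables below are constructed.

from dataclasses import dataclass
from typing import Optional

# Constructed sample data: token -> user, and user -> permitted (resource, action) pairs.
VALID_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
POLICY = {
    "alice": {("hosts", "read"), ("hosts", "write")},
    "bob": {("hosts", "read")},
}


@dataclass
class Decision:
    status: int          # HTTP status to return
    user: Optional[str]  # authenticated user, if any
    reason: str          # server-side explanation (not necessarily sent to the client)


def authenticate(headers: dict) -> Optional[str]:
    """Return the user name for a valid X-Auth-Token header, else None."""
    token = headers.get("X-Auth-Token")
    if not token:
        return None
    return VALID_TOKENS.get(token)


def authorize(headers: dict, resource: str, action: str) -> Decision:
    """401 when the caller is not authenticated, 403 when authenticated but not permitted."""
    user = authenticate(headers)
    if user is None:
        # No or invalid credentials: the client may retry with valid ones,
        # so a 401 (with a WWW-Authenticate header in a real server) is correct.
        return Decision(401, None, "missing or invalid credentials")
    if (resource, action) not in POLICY.get(user, set()):
        # Identity is established, but policy denies this action on this resource.
        return Decision(403, user, f"{user} may not {action} {resource}")
    return Decision(200, user, "permitted")


if __name__ == "__main__":
    for hdrs, res, act in [
        ({}, "hosts", "read"),
        ({"X-Auth-Token": "bogus"}, "hosts", "read"),
        ({"X-Auth-Token": "tok-bob"}, "hosts", "write"),
        ({"X-Auth-Token": "tok-alice"}, "hosts", "write"),
    ]:
        d = authorize(hdrs, res, act)
        print(d.status, d.user, d.reason)
```

The ordering matters: authentication is decided before any policy lookup, so an unauthenticated caller never learns whether a given permission exists, and a 403 is only ever produced for a caller whose identity the service has already accepted.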