Issue
When using a headless REST API endpoint to access an Organization related to a custom object, a 404 NOT_FOUND error returns for non-administrator users. This behavior occurs even if the user account's assigned role has explicit View permissions configured for both the custom object and the target Organization object.
For example, a user with active permissions to view a custom object named MyObject and to view Organizations successfully executes these calls:
/o/c/myobjects/{myObjectId}
/o/headless-admin-user/v1.0/organizations/{organizationId}However, when attempting to access the organization through the related object connection endpoint, the call fails with a 404 error:
/o/c/myobjects/{myObjectId}/{relationshipToOrganization}Environment
- Liferay DXP 2025.Q1
Resolution
The 404 error occurs because a required baseline application definition permission is missing. To resolve this issue, you must grant the user account's designated role the View permission for Object Definitions.
Follow these steps to add the necessary permission:
- Open the Global Menu, go to the Control Panel tab, and click Users → Roles.
- Select the role assigned to the user account.
- Click the Define Permissions tab.
- In the permissions application list on the left, navigate to Control Panel → Objects.
- Locate Object Definition within the list and grant the View permission checkbox.
- Click Save.
After adding this permission, the user account successfully accesses the relationship endpoint.