RQM v4.0.2 How To Restrict The Use Of API To Prevent Misuse?
Our users are allowed to run reports or load artifacts using the utilities written by our team (RQM Admin Team). But some end users with programming background wrote their own scripts by calling API, they pulled and uploaded, and this becomes a big risk for us as they can delete, they can consume a lot of resources and etc.
What should we do to prevent users running their own scripts? or what should we do to prevent users directly (not using RQM user interface) access database?
One answer
Comments
Thanks Vidya,
If I do not allow a user to API upload test case, that means he can't upload even if he uses the scripts written by me, right? If this is the case, this is not what I want.
Some users have been writting/testing/debugging their own scripts on production without letting us know. This is a big risk for us. I once wrote a script to delete a user but when I tested it I deleted all users. Luckily I knew how to get them back, but not every user knew how to recover from their mistake. Currently we only knew they were doing things like that when they approached us and told us they encountered a problem and they need us to help out, and every time when this happened, we got shocked because of the risk.
Right, the users won't be able to update artifacts using API calls in any script with their user id if not having XML Import permission. I misunderstood your original question. I can't think of a way to prevent users from running only selective scripts as per your requirement.