Is there a permission in JAZZ to restrict Rest API use?
How do we control rest API use by general users with read/write access? We need more control on who can use the Rest API than just "Anyone with read/write access".
Some users need read/write access, but should NOT be trusted with full database access through the Rest API.
This has many implications on database security and stability.
Accepted answer
One other answer
This is something I wish would get fixed, as I have the same concerns. But it will be hard to fix - the only thing I could think of is adding another permission type and having the API validate the client that is making the call. Though this could be easily spoofed, at least it would prevent the casual use of tools by users who don't necessarily know what they are doing with some tools.
Comments
Abraham Sweiss
Jun 19 '15, 12:23 p.m. I would think the rest api should honor the roles/permissions of the user calling the api. The first place I would look is defining roles or access control groups which limit what a user can access.
Thomas Stephens
Jun 19 '15, 12:33 p.m. The problem is, I cannot create a permission that says "You have read/write but not Rest API access". All or nothing.
sam detweiler
Jun 19 '15, 12:36 p.m. Correct. The same REST API you use in an external program is used by the web and Eclipse clients, so there is nothing separate you can control.