Is there a permission in JAZZ ro restrict Rest API use?
![]()
How do we control rest API use by general users with read/write access? We need more control on who can use the Rest API than just "Anyone with read/write access".
Some users need read\write access, but should NOT be trusted with full database access through the Rest API. This has many implications on database security and stability. |
Accepted answer
![]()
I would suggest to open a RFE at https://www.ibm.com/developerworks/rfe/
This way the product managers can let us know if this is possible. Thomas Stephens selected this answer as the correct answer
|
Comments
I would think the rest api should honor the roles/permissions of the user calling the api. The first place I would look is defining roles or access control groups which limit what a user can access.
The problem is, I cannot create permission that says You have read/write but not Rest API access. All or nothing.
correct.. the same REST api you use in an external pgm is used by the web and eclipse clients.so there is nothing separate you can control