Is there a permission in JAZZ to restrict REST API use?


Thomas Stephens (17311519) | asked Jun 19 '15, 11:58 a.m.
How do we control REST API use by general users with read/write access? We need more control over who can use the REST API than just "anyone with read/write access".
Some users need read/write access, but should NOT be trusted with full database access through the REST API.
This has many implications for database security and stability.

Comments
Abraham Sweiss commented Jun 19 '15, 12:23 p.m.

I would think the REST API should honor the roles/permissions of the user calling the API. The first place I would look is defining roles or access control groups which limit what a user can access.


Thomas Stephens commented Jun 19 '15, 12:33 p.m.

The problem is, I cannot create a permission that says "you have read/write but not REST API access". It is all or nothing.


sam detweiler commented Jun 19 '15, 12:36 p.m.

Correct. The same REST API you use in an external program is used by the web and Eclipse clients, so there is nothing separate you can control.

Accepted answer


Abraham Sweiss (2.4k1331) | answered Jun 19 '15, 1:06 p.m.
I would suggest opening an RFE at https://www.ibm.com/developerworks/rfe/
This way the product managers can let us know if this is possible.

Thomas Stephens selected this answer as the correct answer

One other answer



David Mehaffy (90123338) | answered Jun 19 '15, 12:50 p.m.
JAZZ DEVELOPER
This is something I wish would get fixed, as I have the same concerns. But it will be hard to fix. The only thing I could think of is adding another permission type and having the API validate the client that is making the call. Though this could be easily spoofed, at least it would prevent the casual use of tools by users that don't necessarily know what they are doing with some tools.

Comments
sam detweiler commented Jun 19 '15, 1:05 p.m.

You'd have to have a private and a public API; then you can apply rules to both.

Because there is only one, and it's used for everything, you cannot filter requests.
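The answer above proposes a new permission type enforced by checking which client is making the call, and notes that such a check can be spoofed. The following added example (not code from the jazz.net thread or from any IBM Jazz product) models that design as a policy function a reverse proxy in front of the single REST API could apply, and shows the spoof concretely: a scripted client denied on its own User-Agent is allowed again once it copies the header the interactive clients send. The user name, group, paths and User-Agent strings are assumptions for illustration only.

```python
"""Added example: a client-identification permission check and why it is weak.

Hypothetical model of the mitigation discussed on the page. Nothing here is
Jazz product code; user names, paths and User-Agent strings are assumed.
"""
from dataclasses import dataclass, field

# Hypothetical new permission: users in this set keep read/write access but may
# only reach the REST API through the official interactive clients.
INTERACTIVE_ONLY_USERS = {"tstephens"}

# Assumed User-Agent fragments the web UI and Eclipse client send. These are
# illustrative values, not the real strings those clients use.
INTERACTIVE_CLIENT_MARKERS = ("Mozilla/", "Eclipse", "Jazz Client")


@dataclass
class Request:
    user: str            # authenticated user (assumed already verified upstream)
    path: str            # REST resource being requested (hypothetical path)
    headers: dict = field(default_factory=dict)


def looks_interactive(headers: dict) -> bool:
    """Client identification by header: the check the answer proposes."""
    user_agent = headers.get("User-Agent", "")
    return any(marker in user_agent for marker in INTERACTIVE_CLIENT_MARKERS)


def gateway_decision(req: Request) -> str:
    """Return 'allow' or 'deny' for one request.

    Users without the restriction are unaffected. Restricted users are denied
    only when the client does not look like an interactive client, which is
    exactly the property a caller can forge.
    """
    if req.user in INTERACTIVE_ONLY_USERS and not looks_interactive(req.headers):
        return "deny"
    return "allow"


# Constructed sample requests (not captured traffic).
PATH = "/api/workitems"  # hypothetical resource path
SAMPLES = {
    "eclipse": Request("tstephens", PATH, {"User-Agent": "Jazz Client/6.0 (Eclipse)"}),
    "curl": Request("tstephens", PATH, {"User-Agent": "curl/7.68.0"}),
    # Same script, same user, but the header copied from a browser (curl -A).
    "curl_spoofed": Request("tstephens", PATH, {"User-Agent": "Mozilla/5.0 (forged)"}),
    # An unrestricted user scripting the API is allowed regardless of client.
    "admin_script": Request("admin", PATH, {"User-Agent": "python-requests/2.31"}),
}


def evaluate_samples() -> dict:
    """Decision for every constructed request, keyed by sample name."""
    return {name: gateway_decision(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{name:14s} -> {decision}")
```

The third sample is the point of the caveat: the check stops a user who runs curl without thinking, but any header the real clients send can be copied by a script, so this permission deters casual misuse rather than enforcing an authorization boundary. A real boundary would have to be applied per user to the API itself, which is what the request for an enhancement on this page is asking for.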


