How to deny access to users for rest api services

Hi,

/services/{serviceName}/{methodName} for this api how to deny access to only particular users.

In Roles -in the entities blog for Test1 denied all the crud operations. calling the below api /entities/webservicepoc$Test1
Then the output: {
“error”: “Reading forbidden”,
“details”: “Reading of the webservicepoc$BookingDetails is forbidden”
}

But when i call /services/webservicepoc_Test1Service giving the below output.
{
"_entityName": “webservicepoc$Test1”,
"_instanceName": “”,
“id”: “2a0409f8-e8ce-3d83-c495-b9663abd6c29”
}

What could i do to get error msg: reading forbidden for the same user.

Thanks!!

Hi,

Service Method Invocation works without security rules. You can check specific permissions in your service or load object using secure DataManager https://doc.cuba-platform.com/manual-6.8/dm_security.html) in your service.