How to deny access to users for rest api services

sushma.nainakanti · May 10, 2018, 12:23pm

Hi,

/services/{serviceName}/{methodName} for this api how to deny access to only particular users.

In Roles -in the entities blog for Test1 denied all the crud operations. calling the below api /entities/webservicepoc$Test1
Then the output: {
“error”: “Reading forbidden”,
“details”: “Reading of the webservicepoc$BookingDetails is forbidden”
}

But when i call /services/webservicepoc_Test1Service giving the below output.
{
"_entityName": “webservicepoc$Test1”,
"_instanceName": “”,
“id”: “2a0409f8-e8ce-3d83-c495-b9663abd6c29”
}

What could i do to get error msg: reading forbidden for the same user.

Thanks!!

subbotin · May 15, 2018, 9:11am

Hi,

Service Method Invocation works without security rules. You can check specific permissions in your service or load object using secure DataManager Security in DataManager - CUBA Platform. Developer’s Manual) in your service.