NOOB REST questions

Hello:

I am about to set up a REST interface into a database for the first time. I only want to allow certain entities to be queried and only certain fields to be returned from those entities.

I don’t want anybody to be able to query metadata for anything but the entities/fields I allow.

How is this done? How do I disable the default CRUD capabilities?

Hi,

If you are talking about the generic REST API: what a user can or cannot do depends on the roles that are associated with this user. So you can create a role that only allows access to the entities and the operations that the user should.

Here are some examples of how to work with the security subsystem: CUBA Security Subsystem Distilled – Road to CUBA and beyond...

Bye
Mario

OK, so it isn’t at the REST level but at the CUBA security level? I am worried about metadata queries too. Do they get limited as well?

I started at this page: Swagger UI

For example, it shows a GET for /metadata/entities. Will it only show the entities that the user has permission to access?