NOOB REST questions


I am about to set up a REST interface into a database for the first time. I only want to allow certain entities to be queried and only certain fields to be returned from those entities.

I don’t want anybody to be able to query metadata for anything but the entities/fields I allow.

How is this done? How do I disable the default CRUD capabilities?


if you are talking about the generic rest API: what a user can or cannot do depends on the roles that are associated with this user. So you can create a role that only allows access to the entities and the operations that the user should.

Here are some examples on how to work with the security subsystem:


OK, so it isn’t at the REST level but at the Cuba security level? I am worried about metadata queries too. Do they get limited as well?

I started at this page:

For example, it shows a GET for /metadata/entities? Will it only show the entities that the user has permission to access?