NOOB REST questions

Hello:

I am about to set up a REST interface into a database for the first time. I only want to allow certain entities to be queried and only certain fields to be returned from those entities.

I don’t want anybody to be able to query metadata for anything but the entities/fields I allow.

How is this done? How do I disable the default CRUD capabilities?

Hi,

if you are talking about the generic rest API: what a user can or cannot do depends on the roles that are associated with this user. So you can create a role that only allows access to the entities and the operations that the user should.

Here are some examples on how to work with the security subsystem: https://www.road-to-cuba-and-beyond.com/cuba-security-subsystem-distilled/

Bye
Mario

OK, so it isn’t at the REST level but at the Cuba security level? I am worried about metadata queries too. Do they get limited as well?

I started at this page: http://files.cuba-platform.com/swagger/#/Metadata

For example, it shows a GET for /metadata/entities? Will it only show the entities that the user has permission to access?