Limit API Access to an account

Avatar

Avatar

szymons55769873

Avatar

szymons55769873

szymons55769873

12-01-2020

Hello

 

I was wondering if there is a possibility to limit account's access rights in a way that would allow only reading ONE particular schema and nothing else. Either SOAP API or jssp is fine.

Additionally, is it possible to track exactly how often and how much data the user is obtaining with the API calls?

 

Kind regards

 

 

View Entire Topic

Avatar

Avatar

szymons55769873

Avatar

szymons55769873

szymons55769873

14-01-2020

@wodnicki 

Thanks, I'll check that out.

 

As for the "nothing else", I would also like to limit one's ability to use factory schemas like xtk:session's methods, because if the user has access to those, he'd be able to do Write, so essentially insert/delete as well.

 

Also, what do you mean by cosmetic and what does the documentation mean by "This restriction applies only to non technical users: a technical user, with related permissions, or using a workflow, will be able to retrieve and update data."? That this can be easily bypassed if a user really wants to?

 

Kind regards, Szymon