Idea ID: 2697704

REST API security issue

Status: Declined
over 1 year ago

As soon as a user has a role/right in SMAX, he can use the REST API to insert, update and query any data in SMAX, according to his permission.

Since the documentation is available through the web, it is very simple to do.

I want an option in the "role definition" that manages the REST API capability.



  • Michel,

    We can't universally block access to the REST API as that is how the UI interacts with the backend.  Also, a user will not be able to access any records or actions through the REST API that they aren't able to access through the UI.  If you have a specific scenario or use case where you think that more access is provided than is appropriate, please submit that as a new Idea.

    Thanks, Steve