When using the UCMDB REST-API it should be possible to give users "read only" access rights. Currently you need an integration user with "server administration privilege" for that.
When setting up an integration user in UCMDB that is able to connect to the API, it has to be a superadmin to connect to the API. This of course grants the user unlimited rights in the application. It would be nice to have a way to use the API access, and still limit functions for the user. Example: being able to create CIs and create relationships, but not being able to change infrastructure settings or log on to the UI as a normal user. This would greatly improve security.
Team R2F- Zeus - Achmea
Here we go:
Added an Authorization Filter at REST-API level that is activated based on a setting.
Configuration: In order to activate the filter, please go to \UCMDBServer\conf => rest_api.properties and add the following setting:
#check for access to SDK permission
If the setting is set to TRUE, then only users with “Access to SDK” permission will be able to successfully execute rest-api calls.
The others will receive the Response status UNAUTHORIZED(401, "Unauthorized"), with the following error message: “User is not authorized to access the SDK”. If the setting is not present in the properties file, its OOTB value is FALSE.
Have a nice day,