Idea ID: 2808039

REST-API: It should be possible to give users "read only" access rights for UCMDB REST-API

Status : Accepted

Great news, this idea has been accepted on our product roadmap. Subscribe to receive updates. (This is not a formal commitment, and subject to change)


over 1 year ago

When using the UCMDB REST-API it should be possible to give users "read only" access rights. Currently you need an integration user with "server administration privilege" for that.

Labels: API
  • We have the Same Idea:

    REST-API: Read Online 

    ID280839

     

    Yours

    Christoph

     

  • Hi all,

    When setting up an integration user in UCMDB that is able to connect to the API, it has to be a superadmin to connect to the API. This of course grants the user unlimited rights in the application. It would be nice to have a way to use the API access and still limit functions for the user. Example: being able to create CIs and create relationships, but not being able to change infrastructure settings or log on to the UI as a normal user. This would greatly improve security.

    Kind regards,

    Ron Bocken

    Team R2F- Zeus - Achmea

  •  : seems to be a duplicate of this one?

    https://community.microfocus.com/t5/Universal-Discovery-CMDB-Idea/Ability-to-define-an-API-account-as-Read-Only/idi-p/1654450

    Can you please update on the status? Thanks, Daniel

  • Hi Michael,

    Thank you for the feedback. In the next step we want to restrict the REST API call to only read information from the UCMDB. This was the idea: to restrict access to "read-only" when accessing the REST API.

    Is it also possible?

    Yours

    Christoph

  • Hi Christoph,

    here we go:

    Added an Authorization Filter at REST-API level that is activated based on a setting.

    Configuration: In order to activate the filter, please go to \UCMDBServer\conf => rest_api.properties and add the following setting:

    #check for access to SDK permission
    restrict_access_to_sdk=true

    If the setting is set to TRUE, then only users with “Access to SDK” permission will be able to successfully execute rest-api calls.

    The others will receive the response status UNAUTHORIZED(401, "Unauthorized") with the following error message: “User is not authorized to access the SDK”. If the setting is not present in the properties file, its OOTB value is FALSE.

    Have a nice day,
      Michael
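
One way to audit whether the filter described in the reply above is switched on, as an added example that is not part of the thread and not UCMDB code. It assumes the server reads rest_api.properties with java.util.Properties-style rules (last duplicate key wins, value compared to "true" case-insensitively); the function names and sample file contents are constructed for illustration.

```python
import re
import sys

KEY = "restrict_access_to_sdk"

def parse_properties(text):
    """Minimal Java-style .properties reader: skips '#' and '!' comments,
    accepts '=', ':' or whitespace as separator, last duplicate wins.
    Backslash line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def sdk_filter_state(text):
    """Return (enabled, reason) for the REST-API authorization filter."""
    props = parse_properties(text)
    if KEY not in props:
        # Per the thread: a missing setting means the OOTB value FALSE.
        return False, "setting absent, OOTB value FALSE applies"
    value = props[KEY]
    # Assumption: the server treats the value case-insensitively.
    if value.lower() == "true":
        return True, "only users with 'Access to SDK' can call the REST API"
    return False, "setting present but value is %r" % value

# Constructed sample file contents (not taken from a real server).
SAMPLE_ENABLED = "#check for access to SDK permission\nrestrict_access_to_sdk=true\n"
SAMPLE_COMMENTED = "#restrict_access_to_sdk=true\n"
SAMPLE_OVERRIDDEN = "restrict_access_to_sdk = TRUE\nrestrict_access_to_sdk=false\n"

if __name__ == "__main__":
    # Usage: python check_sdk_filter.py <path to rest_api.properties>
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            enabled, reason = sdk_filter_state(fh.read())
    else:
        enabled, reason = sdk_filter_state(SAMPLE_ENABLED)
    print("filter enabled" if enabled else "filter NOT enabled", "-", reason)
    sys.exit(0 if enabled else 1)
```

The commented-out and overridden samples are the two cases where the key appears in the file yet the filter stays off.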