REST API security issue

Idea ID 2697704

REST API security issue

0 Votes

As soon as a user have a role/right in SMAX, he can use the REST API  to insert,update and query any data in SMAX, accordingly to his permission.

Since the documentation is available thru the web, it is very simple to do.

I want an option in the "role definition" that manage the REST API capability.


Tags (2)
1 Comment
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
Status changed to: Declined


We can't universally block access to the REST API as that is how the UI interacts with the backend.  Also, a user will not be able to access any records or actions through the REST API that they aren't able to access through the UI.  If you have a specific scenario or use case where you think that more access is provided than is appropriate, please submit that as a new Idea.

Thanks, Steve

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.