I have set up a service to our MS Active Directroy. This works and the right users may log in now. In the service I define a “Guest” role as default. Everything’s fine so far.
The Guest Role has access to service1, which is a connection to a MS SQL Server. It has GET and PUSH acces to _proc/*. No other access is granted.
I have a small WebApp (App1) hosted on dreamfactory. The user logs in through the ADservice, gets the default role “Guest” and App1 works as expected.
Now I have a second service2, which is a connection to a different MS SQL Server. I also have a second WebApp (App2) which interacts with service2.
I have no role created, which has access to service2. So I think no user (only admins) should be able to access service2.
The login for App2 is also set up with ADservice. So the login works but the logged in user has the role “Guest” and should not be able to connect to service2. But App2 works perfectly and all requests to service2 are okay.
This shouldn’t be possible?!? The “Guest” role does not have access to service2.
Ps. “Assign a Default Role” is set to “no role” for App2.