How to create a single public api using roles. Added a guest role & allowed access to component “*” for a service. It worked without login.
But when I change the component from * to a specific component say “_table/department/*”, its returns 401 Unauthorized.
Would be great if somebody could help me on this.
Tejas,
What version of DreamFactory are you working on?
We had a report similar to this which was fixed late last month. So, if you ran a git pull, it would get the latest code with the fix.
Please let me know about the version and I can guide further.
Sridhar
Hey @sridharsa,
Thanks for the reply. I have installed the DreamFactory through Bitnami Installer.
DreamFactory shown on the admin panel is 2.0.2
@tejas I duplicated this issue and will be filing a bug.
I was able to work around this issue though by changing the component access to “_table/department/” instead of “_table/department/*”
Clarification:
This is not a bug. The way the role access configuration works is thus.
_table/department/ allows you access to items at that level of the API (think like folder paths.) Get all records, user filters, etc.
_table/department/* allows you access to items in the next level of the of REST path. For SQL tables this individual records by id. I.e. GET on _table/department/4 retrieves the record whose ID is 4.
Hey @formerstaff,
Thanks for the info on how the Roles work.
My scenario is as follows:
Still getting the error "GET access to component ‘/_table/Y’ of service ‘XYZ’ is not allowed by this user’s role."
Error Code is 403
How can I handle this situation?
in your role, try adding access for both _table/Y and _table/Y/*
Hey @formerstaff,
Tried what you recommended. Didnt helped much.
Is the sequence of the provided access important?