How to set up rules to acces only by one record?

Victor_ViaPrint · February 4, 2019, 12:35pm

Hi,
I am using Bitnami DreamFactory 2.14.1-7 vmdk
I need to restrinct Querying by a single record, by ID (or other parameter), NOT to allow to list all table (!!).

In [Roles] set up rules :
Service = MySQL
Component = /api/v2/mysql/_table/todo/*

I’m expecting the result :
/api/v2/mysql/_table/todo = “Unauthorized. User is not authenticated.”
/api/v2/mysql/_table/todo/* = OK

Unfortunatly the result “/api/v2/mysql/_table/todo” works and list all table.
What I do wrong ?
How to fix it ?
How to set up rules to acces only by one record ?
Thanks.

jps · February 6, 2019, 2:43pm

If you only allow /api/v2/mysql/_table/todo/*, that should work. If /api/v2/mysql/_table/todo is still allowed, check all your permissions, user level too, it is probably still allowed somewhere. A dirty workaround could be to add a filter to /api/v2/mysql/_table/todo, one that allows nothing through.

Topic		Replies	Views
Stored Procedure and Record Level Access Control with Server-Side Filters REST API	1	1783	September 20, 2016
Using INNER JOIN and GROUP BY to help filter a Rest Get request REST API	6	6324	July 22, 2014
API docs not rendering for a user with a role with a single Oracle table REST API	0	1137	July 6, 2020
Multi primary key & one record REST API	3	2849	February 19, 2019
Record-level access control with MongoDB Connecting to NoSQL	2	3358	June 22, 2016

How to set up rules to acces only by one record?

Related Topics