How to set up rules to acces only by one record?

Victor_ViaPrint · February 4, 2019, 12:35pm

Hi,
I am using Bitnami DreamFactory 2.14.1-7 vmdk
I need to restrinct Querying by a single record, by ID (or other parameter), NOT to allow to list all table (!!).

In [Roles] set up rules :
Service = MySQL
Component = /api/v2/mysql/_table/todo/*

I’m expecting the result :
/api/v2/mysql/_table/todo = “Unauthorized. User is not authenticated.”
/api/v2/mysql/_table/todo/* = OK

Unfortunatly the result “/api/v2/mysql/_table/todo” works and list all table.
What I do wrong ?
How to fix it ?
How to set up rules to acces only by one record ?
Thanks.

jps · February 6, 2019, 2:43pm

If you only allow /api/v2/mysql/_table/todo/*, that should work. If /api/v2/mysql/_table/todo is still allowed, check all your permissions, user level too, it is probably still allowed somewhere. A dirty workaround could be to add a filter to /api/v2/mysql/_table/todo, one that allows nothing through.

Topic		Replies	Views
Create only One Public API Users & Roles	7	2912	December 21, 2015
Record-level security: advanced filters and non-GET requests REST API	2	3656	October 21, 2015
Get only latest 5 records REST API	1	1595	June 26, 2017
Stored Procedure and Record Level Access Control with Server-Side Filters REST API	1	1812	September 20, 2016
How to implement data access based on a table with user's permissions Authentication & Security	1	5197	October 23, 2014

How to set up rules to acces only by one record?

Related topics