Home Community Discussion Forums Most Active Software Boards SystemLink Community Hub Engage SystemLink Forum Topic

SystemLink Forum

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to prevent other user from accessing HTTP API

How to prevent other user from accessing HTTP API

‎12-30-2021 05:23 AM

Labels:

Is there a way to prevent other user (e.g. collaborator) from accessing HTTP API?

HTTP API.jpg

 

We want to prevent them from i.e. listing users, listing policies or workspaces, etc.

0 Kudos
Message 1 of 3
(1,312 Views)
Reply

Re: How to prevent other user from accessing HTTP API

‎01-04-2022 08:46 AM

Hi ThamS, 

 

While we don't limit access to that page, the privileges of the logged in user will prevent them from executing HTTP APIs they do not have granted access to. Said another way, SystemLink access control is not just on the front end web application. Privileges are evaluated within the backend services and access is limited there as well. This is part of our defense in depth strategy for SystemLink RBAC. 

 

Refer to https://operations.systemlink.io/rbac/rbac/ for details. 

Mark
NI App Software R&D
0 Kudos
Message 2 of 3
(1,270 Views)
Reply

Re: How to prevent other user from accessing HTTP API

‎03-14-2022 01:41 AM

We want to limit any normal users (e.g. as collaborators) for not able to get/know list of Users.

because currently if they logged in and run the API for Query Users (POST ​/users​/query Query the users)
they could list all of the Users.
How to prevent it?
0 Kudos
Message 3 of 3
(1,142 Views)
Reply