SystemLink Forum

cancel
Showing results for 
Search instead for 
Did you mean: 

How to prevent other user from accessing HTTP API

Is there a way to prevent other user (e.g. collaborator) from accessing HTTP API?

HTTP API.jpg

 

We want to prevent them from i.e. listing users, listing policies or workspaces, etc.

0 Kudos
Message 1 of 3
(1,197 Views)

Hi ThamS, 

 

While we don't limit access to that page, the privileges of the logged in user will prevent them from executing HTTP APIs they do not have granted access to. Said another way, SystemLink access control is not just on the front end web application. Privileges are evaluated within the backend services and access is limited there as well. This is part of our defense in depth strategy for SystemLink RBAC. 

 

Refer to https://operations.systemlink.io/rbac/rbac/ for details. 

Mark
NI App Software R&D
0 Kudos
Message 2 of 3
(1,155 Views)
We want to limit any normal users (e.g. as collaborators) for not able to get/know list of Users.

because currently if they logged in and run the API for Query Users (POST ​/users​/query Query the users)
they could list all of the Users.
How to prevent it?
0 Kudos
Message 3 of 3
(1,027 Views)