Superna

Restrict REST callbacks by robot

Discussion created by Superna on Sep 21, 2013

I have a question about restricting access to probe callbacks through the REST api.  

 

In the infrastructure manager, I created an ACL with the following three permissions:

 

- Alarm Details

- Basic Management

- Web Service

 

on the ACL, I set an Infrastructure Filter to only allow access to all probes on a single robot.

 

However, when authenticating as a user linked only to this ACL, I can still retrieve the list of all robots in the system, and execute callbacks on probes that are not within scope of the ACL.  

 

I would expect that the RESTful webservice would block my user from executing callbacks on probes that he does not have access to.  Am I going about this the right way?  Is there another way to accomplish this? 

 

Thanks for any insight anyone can provide. 

Outcomes