I have a question about restricting access to probe callbacks through the REST api.
In the infrastructure manager, I created an ACL with the following three permissions:
- Alarm Details
- Basic Management
- Web Service
on the ACL, I set an Infrastructure Filter to only allow access to all probes on a single robot.
However, when authenticating as a user linked only to this ACL, I can still retrieve the list of all robots in the system, and execute callbacks on probes that are not within scope of the ACL.
I would expect that the RESTful webservice would block my user from executing callbacks on probes that he does not have access to. Am I going about this the right way? Is there another way to accomplish this?
Thanks for any insight anyone can provide.