Restrict REST callbacks by robot

Discussion created by Superna on Sep 21, 2013

I have a question about restricting access to probe callbacks through the REST api.  


In the infrastructure manager, I created an ACL with the following three permissions:


- Alarm Details

- Basic Management

- Web Service


on the ACL, I set an Infrastructure Filter to only allow access to all probes on a single robot.


However, when authenticating as a user linked only to this ACL, I can still retrieve the list of all robots in the system, and execute callbacks on probes that are not within scope of the ACL.  


I would expect that the RESTful webservice would block my user from executing callbacks on probes that he does not have access to.  Am I going about this the right way?  Is there another way to accomplish this? 


Thanks for any insight anyone can provide.