Question

API calls versus rights & roles

  • 15 October 2020
  • 2 replies
  • 92 views

Badge +2

User has restricted menus and functions to READ only. Example: Request or Product.

Using API calls with the same user, the same data can be modified. Expectation is: since the user has READ only, this should not be possible.

How do you handle the roles/rights in order to avoid this issue?

Can you reproduce also in your systems?

We use FSM 6.5

Thank you already for any useful feedback!


2 replies

Userlevel 7
Badge +24

Hi @KYOMANGYALO,

Would you be able to advise what specific update went through via the API that should not have and what related functions you have set to read only?

This will help to determine if this is a setup issue or something more appropriately investigated as a support case.

Kind regards,

Lee Pinchbeck

Badge +2

Hi Lee

Yes. Simple scenario: in the role, set the function and menu Task to READ only. Via the client you can’t make any changes.

Then post an API call such as:

    <update_task>
      <task>
        <task_id>xxxx</task_id>
        <description> test - API call</description>
      </task>
    </update_task>

The change is made even though the rights in the role say READ only.

Best Regards

Monica

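As an added example (not code from the thread or from FSM), the Python sketch below contrasts a handler that trusts the client to hide the edit controls with one that enforces the role's access level on the server before applying an update_task message. The role table, the API-to-function map, the level ranking and the task store are constructed assumptions; the request mirrors the update_task message quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample request, mirroring the update_task message in the thread.
SAMPLE_UPDATE_TASK = (
    "<update_task><task><task_id>xxxx</task_id>"
    "<description> test - API call</description></task></update_task>"
)

# Constructed role table (assumption): access level per function, as set in the role.
ROLE_PERMISSIONS = {
    "readonly_role": {"Task": "READ", "Request": "READ"},
    "dispatcher": {"Task": "UPDATE"},
}
LEVEL_RANK = {"NONE": 0, "READ": 1, "UPDATE": 2}

# Which function each API message type touches and the level it needs (assumption).
API_FUNCTION_MAP = {"update_task": ("Task", "UPDATE")}


def parse_update_task(xml_text):
    """Return (task_id, fields) from an update_task message; reject other roots."""
    root = ET.fromstring(xml_text)
    if root.tag != "update_task":
        raise ValueError("unexpected message type: %s" % root.tag)
    task = root.find("task")
    task_id = task.findtext("task_id")
    fields = {c.tag: (c.text or "").strip() for c in task if c.tag != "task_id"}
    return task_id, fields


def is_authorized(role, message_type):
    """Server-side check: does the role's level on the function cover this call?"""
    function, required = API_FUNCTION_MAP[message_type]
    granted = ROLE_PERMISSIONS.get(role, {}).get(function, "NONE")
    return LEVEL_RANK[granted] >= LEVEL_RANK[required]


def handle_update_task_unchecked(role, xml_text, tasks):
    """Weak handler: never consults the role, so a READ-only role's call is applied."""
    task_id, fields = parse_update_task(xml_text)
    tasks[task_id].update(fields)
    return True, tasks[task_id]


def handle_update_task(role, xml_text, tasks):
    """Hardened handler: the role's level is enforced before any change is written."""
    task_id, fields = parse_update_task(xml_text)
    if not is_authorized(role, "update_task"):
        return False, tasks[task_id]  # denied; record left untouched
    tasks[task_id].update(fields)
    return True, tasks[task_id]
```

The same check belongs in front of every write-capable message type, not only update_task, since the client's menu restrictions say nothing about what the API endpoint will accept.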