How to restrict GET REST API for a few fields on incident and user table

Vinitar
Tera Contributor

Hi Team ,

 

I need to restrict read REST API for a few fields in the incident and user tables. What approach can I use?

 

3 REPLIES

AshishKM
Kilo Patron

Hi @Vinitar , 

Add more read ACLs on that table's field and apply the required role or scripted conditions.

 

-Thanks,

AshishKM



Vinitar
Tera Contributor

Hi Ashish,

 

I have created a read ACL for the name field on the user table, created a new role, and assigned this role to the integration user. Still, while testing with Postman, I can see all fields in the response. What's wrong here?

 

[Screenshot: Vinitar_0-1717559140468.png]

Below is the role I have given to my user:

[Screenshot: Vinitar_1-1717559231460.png]

 

@Vinitar It seems that there is more than one read ACL created on your table, one of which might be granting the read permission to the API user, due to which all fields are shown. I recommend using Access Analyzer to find the ACL which is granting the additional access.

 

Also, please check if there is any sys_user.* read ACL; if there is one, it might be giving the read access on the name field.
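
Added example, not part of the original thread and not ServiceNow's own code: an offline JavaScript triage over constructed rows shaped like read ACL records, listing every active read ACL whose name covers a given field (including wildcard names such as sys_user.*) and whose role requirement the user meets. The role names u_name_reader and u_integration are hypothetical, and only the role check is modelled; conditions, scripts and the platform's own evaluation order are not.

```javascript
// Constructed sample rows (not from the thread). Each row mimics a record ACL
// with its required roles flattened into an array.
// Role names u_name_reader and u_integration are hypothetical.
const sampleAcls = [
  { name: "sys_user.*", operation: "read", active: true, roles: [] },
  { name: "sys_user.name", operation: "read", active: true, roles: ["u_name_reader"] },
  { name: "sys_user.email", operation: "read", active: true, roles: ["admin"] },
  { name: "sys_user.name", operation: "write", active: true, roles: ["admin"] },
  { name: "sys_user.name", operation: "read", active: false, roles: [] },
];

// ACL names that can cover table.field, most specific first.
// `parents` lists tables the target extends (for example task for incident).
function candidateNames(table, field, parents = []) {
  const tables = [table, ...parents];
  return [
    ...tables.map((t) => `${t}.${field}`),
    `*.${field}`,
    ...tables.map((t) => `${t}.*`),
    "*.*",
  ];
}

// Active read ACLs covering the field whose role requirement the user meets.
// An ACL with no roles listed passes the role check for every user.
function grantingAcls(acls, table, field, userRoles, parents = []) {
  const names = candidateNames(table, field, parents);
  return acls
    .filter((a) => a.active && a.operation === "read" && names.includes(a.name))
    .map((a) => {
      const matched = a.roles.filter((r) => userRoles.includes(r));
      if (a.roles.length > 0 && matched.length === 0) return null;
      const via = a.roles.length === 0 ? "no role required" : matched.join(",");
      return { name: a.name, via };
    })
    .filter(Boolean)
    .sort((x, y) => names.indexOf(x.name) - names.indexOf(y.name));
}

// An integration user without the new role is still covered by sys_user.*.
console.log(grantingAcls(sampleAcls, "sys_user", "name", ["u_integration"]));
```

Any row reported with "no role required" or with a role the integration user already holds is a candidate to inspect first in Access Analyzer.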