Configure a scripted REST API resource to require an ACL

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • By default, API resources/endpoints inherit security settings from the parent API. Define custom Access Control Levels (ACLs) for a specific resource/endpoint to override the inherited settings.

    Avant de commencer

    Role required: web_service_admin or admin

    Pourquoi et quand exécuter cette tâche

    The ACLs defined using the procedure in this document are only checked for authenticated users.

    Procédure

    1. Navigate to All > System Web Services > Scripted REST APIs.
    2. Select a scripted REST API.
    3. In the Resources related list, select a resource.
    4. In the Security tab, select the Requires authentication check box.
      You must select this check box to require an ACL for the resource. If you clear this check box, the resource becomes public and requires no credentials. Clear this check box only if you want to enable unauthenticated requests to access the resource, even if the parent REST service requires an ACL.
    5. Select the Requires ACL authorization check box.
    6. In the ACL field, select one or more ACLs that meet the security needs for the endpoint.
      Select only those ACLs that have a Type of REST_Endpoint. Only users who have roles defined in the selected REST_Endpoint type ACL are granted access to this resource.

      Selecting an ACL for a resource overrides any ACLs selected for the parent web service. Leave this field empty to use the ACLs selected for the parent web service.