Path-based Access Control Levels (ACLs) enable you to define access control rules for scripted REST API endpoints using their resource path. This can be done independently of the ACL references on the operation record.
Path-based ACLs enable more flexible security configurations, especially for read-only APIs and guest user experiences.
Avant de commencer
Role required: admin
Procédure
-
Navigate to
-
Locate your API and expand the methods.
-
Select the menu icon next to the method that you want to check.
-
Select View Resource ACLs.
-
Review the list of path-based ACLs protecting that endpoint.
ACL interaction rules:
- No Overriding: Path-based ACLs do override operation-referenced ACLs or other path-based ACLs.
- All Must Pass: All applicable ACLs must evaluate to true for access to be granted.
- Owner Control: If the API owner has restrictive ACLs, your path-based ACLs can’t bypass them.