Add a path-based ACL for a scripted REST API

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 3 minutes
  • Path-based Access Control Levels (ACLs) enable you to define access control rules for scripted REST API endpoints using their resource path. This can be done independently of the ACL references on the operation record. Path-based ACLs enable more flexible security configurations, especially for read-only APIs and guest user experiences.

    Before you begin

    Role required: security_admin or admin

    Additional requirement: the full resource path from the API's SysWS operation record (found in the "Resource path" field)

    About this task

    Path-based ACLs are defined in the sys_security_acl table with the type "REST Endpoint" and apply to specific REST API resource paths. Unlike operation-referenced ACLs (which only apply when "Requires authentication" is checked), path-based ACLs are evaluated for every request to matching resource paths.

    When to use Path-Based ACLs:

    • You must add security to a read-only API that you can’t modify
    • You want to enable guest access to public APIs with controlled authorization
    • You must grant access based on custom roles not defined in the original API
    • You want to add security layers without modifying the original API record

    Important: Path-based ACLs work alongside operation-referenced ACLs, not in place of them. All applicable ACLs must pass for access to be granted.

    Procedure

    1. Navigate to All > sys_security_acl.list.
    2. Select New.
    3. Select REST Endpoint in the Type field.
    4. Select the necessary HTTP method for the ACL in the Operation field.
      • GET
      • POST
      • PUT
      • DELETE
      • PATCH
      • Or other HTTP methods as needed.
    5. Enter the full API resource path in the Resource Path field.
      Example: /api/sn_pa_designer/usage_monitoring/resource
      Tip:
      Copy this value from the "Resource path" field on the SysWS operation record to help ensure accuracy.
    6. Configure the ACL script or condition to define your access rules.
    7. Select Submit.

    Result

    The path-based ACL is active and will be evaluated for any requests to this resource path.
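
The following is an added illustration, not ServiceNow platform code: a simplified JavaScript model of the evaluation rules stated under "About this task", showing how a path-based ACL combines with the operation-referenced ACLs for the example resource path. The record shapes, the role names, the exact-match path comparison, and the "no applicable ACL means allowed" default are assumptions made for the model.

```javascript
// Simplified model (added example). Role names and object shapes are hypothetical.
const RESOURCE = '/api/sn_pa_designer/usage_monitoring/resource';

// Path-based ACL (type "REST Endpoint"): keyed by HTTP method and resource path.
const pathAcls = [{
  operation: 'GET',
  resourcePath: RESOURCE,
  // Stand-in for the ACL script or condition: true grants, false denies.
  script: (user) => user.roles.includes('x_example_usage_reader'),
}];

// Constructed operation record with one ACL referenced on the operation itself.
function makeOperation(requiresAuthentication) {
  return {
    method: 'GET',
    resourcePath: RESOURCE,
    requiresAuthentication,
    referencedAcls: [(user) => user.roles.includes('x_example_api_user')],
  };
}

function isAllowed(request, user, operation, acls) {
  const checks = [];
  // Operation-referenced ACLs apply only when "Requires authentication" is checked.
  if (operation.requiresAuthentication) checks.push(...operation.referencedAcls);
  // Path-based ACLs are evaluated for every request to a matching resource path.
  for (const acl of acls) {
    if (acl.operation === request.method && acl.resourcePath === request.path) {
      checks.push(acl.script);
    }
  }
  // All applicable ACLs must pass for access to be granted.
  return checks.every((check) => check(user));
}

const request = { method: 'GET', path: RESOURCE };
const guest = { roles: [] };
const reader = { roles: ['x_example_usage_reader'] };
const both = { roles: ['x_example_usage_reader', 'x_example_api_user'] };

// Operation without "Requires authentication": only the path-based ACL decides.
console.log('guest, public op :', isAllowed(request, guest, makeOperation(false), pathAcls));
console.log('reader, public op:', isAllowed(request, reader, makeOperation(false), pathAcls));
// With "Requires authentication" checked, the path-based role alone is not enough.
console.log('reader, auth op  :', isAllowed(request, reader, makeOperation(true), pathAcls));
console.log('both, auth op    :', isAllowed(request, both, makeOperation(true), pathAcls));
```

In this model a permissive path-based ACL never widens access past an operation-referenced ACL, and a restrictive one still applies to an operation that does not require authentication.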