[rt-users] REST permissions? write-only?
Kevin Falcone
falcone at bestpractical.com
Mon Oct 7 11:01:21 EDT 2013
On Wed, Oct 02, 2013 at 08:39:24PM -0500, Brian Bowles wrote:
> Is there a way I could just globally turn off all the read capability to the REST server?
> Basically I have data I wish to keep private and it would be a security risk if someone can
> read tickets using REST. I believe I can fix this with permissions but I'd rather just
> completely remove any read capability to the REST server and just use it to create new
> tickets. A 'drop box' if you will from a web front-end. Any ideas?
The REST interface requires a username/password. If your users have
access to the data in the web interface, they have access to it via
REST. If you correctly limit your permissions in the web interface,
that will carry over to REST.
If you really need to lock down REST, your best bet is to block access
at the web server level from anything otehr than your drop box
creation servers.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20131007/0d1d7e4a/attachment.sig>
More information about the rt-users
mailing list