cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

Restrict user from executing service from postman

MM_9023322
14-Alexandrite

Restrict user from executing service from postman

Hi all,

I have created a user and an appkey with the user reference name. I want to restrict the user from executing the service which is bound to the mashup from mashup. The user should be able to see only the mashup but when he tries to execute any service should give some kind of error. 

 

In order to achieve so, I gave restrictions on service execute from the permissions for that thing, but I am getting errors in the mashup.

 

Thank you!

1 REPLY 1
abjain
13-Aquamarine
(To:MM_9023322)

@MM_9023322 : When we restrict a run time permission for a particular service for a user , than while viewing the mashup , if that service is used somewhere in the mashup, then that user will definitely see an error(since we have restricted the run time execution for that service). In this case , the user wont be able to execute the service from postman as well. The point here is that security for REST should be made with objects visibility and runtime/designtime permissions. Hence I think your use case looks conflicting to me. One thing which I can suggest is that you can block external REST calls to your thingworx server altogether. I would also suggest you to go through the following post: https://community.ptc.com/t5/ThingWorx-Developers/Limit-REST-calls/td-p/658812 

Top Tags