Allow to restrict access to POST endpoints #670
Assignees
Labels
enhancement
New feature or request
Comments
|
Branch issue-670-Allow_to_restrict_access_to_POST_endpoints created! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently, despite of DELETE, all endpoints are secured on a true/false basis, i.e., if someone has accepted credentials, schemas and documents can be created without restriction. In order to be able to restrict the proliferation of arbitrary numbers of schemas (and documents) in a single instance of MetaStore, a more fine-grained restriction also of POST endpoints should be possible.
Describe the solution you'd like
The easiest solution might be to allow to configure access to POST endpoints (POST /api/v2/schemas/ and POST /api/v2/metadata/) via WebSecurityConfig and application.properties There could be for example a configurable role reflected via groupId, which enables the caller to access these endpoints.
Describe alternatives you've considered
For the time being, this could also be covered on the UI level, but access to the API will still be "unrestricted" in that sense.
The text was updated successfully, but these errors were encountered: