This question was closed Nov 15, 2017 at 02:14 PM by Sid for the following reason: The question is answered, right answer was accepted
Question by Sid · Nov 01, 2017 at 09:57 PM · 90 Views · Tags: permissions, user roles

BaaS allows user to POST even if the permission is set to GET only.

Hello All, I am creating a collection, say 'orders', in BaaS. The goal is to create a User who has only GET permission and should not be able to create / update the collection. Here are the steps:

1. Created a new App in BaaS.
2. Created a new collection Orders.
3. Created a Role-1 with read-only permissions (only GET).
4. Created a User-1 and assigned Role-1 to it.

I generate a token using grant_type = password and successfully get a token back.

Using this token I fire a GET in Postman and successfully get the orders.

However, when I try to POST the data, BaaS still allows me to create a new Order (even though User-1 has only GET permission).

Is there any step I am missing here?

Thanks
Syd

Comment by Dino ♦♦ · Nov 01, 2017 at 11:47 PM

Are you certain that your permissions are set as you describe?

And are you certain that you are using the same token in each case?

To check the roles & permissions in BaaS, you can visit

https://appservices.apigee.com/#!/roles

Can you show us what you see there? I want to see all the roles defined, and then for the User-1, I want to see all roles attached to that user.

Alternatively, invoke the API to request those permissions, like this:

curl -i https://apibaas-trial.apigee.net/ORGNAME/APPNAME/roles/ROLE/permissions

I want to see that output for each role in the app. And then also:

curl -i https://apibaas-trial.apigee.net/ORGNAME/APPNAME/users/User-1/roles

You will need to provide appropriate authentication credentials there for those queries. You can use the app credentials. That means you must append the query params client_id and client_secret to that URL.

curl -i https://apibaas-trial.apigee.net/ORGNAME/APPNAME/users/User-1/roles?client_id=foobar\&client_secret=bahBlag


2 Answers

Best Answer

Answer by Nkcubeko Jamela · Nov 02, 2017 at 09:49 AM

@Syd

On your BaaS, under the Roles section as shown in the picture 1.png, remove all the default roles and be left with the role you created, and set your permission path to /* or any wildcard of your choice.

Under the Users section, select your user, then under Groups, Roles and Permissions select Role and select your role, e.g. 2.png. It should be able to GET only.

[Attachments: 1.png (27.4 kB), 2.png (37.6 kB)]

Answer by Sid · Nov 02, 2017 at 01:58 PM

Hello @Dino & @Nkcubeko Jamela: Thanks for looking into it. I started fresh and followed the steps you mentioned. It's working as expected. However, I am not sure what I was doing wrong earlier. Probably some oversight on my end. Attaching my steps as screenshots in the zip, which I executed today and it worked just fine :-) Kindly review if you get a chance.

Thanks Again
Syd
[Attachment: steps1-6.zip (1.6 MB)]

Comment by Sid · Nov 02, 2017 at 02:25 PM

I observed that if I delete the 'guest' and 'default' roles then it works; otherwise it does not.
