Restrict API method to permission group(s)

Maybe take a look at this, although this was with the intention of limiting scripts..

(1) Limit access to the API - Forum - Identity Manager Community - One Identity Community

Thanks Henrik, but it seems that this is for the AppServer (where you can access DialogScripts directly), not the API Designer (aka composition api, I think?!).

If I would create a restricted DialogScript and call that from the API, this might work - but that seems somewhat uncomfortable to me.

I've created a IRequestValidator for that, so I can configure the needed permissions on the method builder without repeating myself. But it's still a workaround.

It would be great if the configuration could be done outside the code.

Hello Wolfgang,

You can assign permission groups to API methods using the Designer tool. In the Permissions Editor, there is a menu item "Permissions groups" --> "Assign Web API methods". Pick the permission groups that are authroized to call the selected API. If none are selected, then access is unrestricted (but the default permissions for a table still apply of course).

Thanks Hanno,

that sounds exactly like what I need. But I'm not able to find it.

Is this a new feature (maybe 8.2)? We have version 8.1.4 here.

Not so easy to find...

Thanks - now I've got it.
Is this a group editor only feature? I've searched everywhere inside the list editor...


Btw. the image could not be loaded here in the forum (403 forbidden). It's visible only in the mail I've received.

Weird. I am able to open the image.

Maybe you can see the same behavior if you try to open it in a different browser or in an incognito tab..

Different browser, not even logged in, it works. But using incognito it doesn't. Sorry, but I thinks that i can nothing do against this.