Invoking a Script over REST-API with admin permissions

Hello everyone,

I try to invoke a script on the Rest-API with administrative permissions for the script and not the permissions of the user.

The idea is, that users can only communicate with a published Script API but cannot change objects in Identity Manager over the other generic REST methods.

In this way, it would be possible i.e. to write setter on attributes, but only set this value, if it is not filled yet.

Or to force the user to use a transaction instead of 3 separated calls for single objects. 

Is this possible with some annotation in the script or similar?

Thank you

Parents
  • By the way: the user has enough permissions to call the script over REST. But on invocation it can be seen that permissions to query ADSAccounts are not sufficent, so that the record is not found.  

    Currently I don´t have assigned any table/column permissions to that user and I´d like it to stay that way.

Reply
  • By the way: the user has enough permissions to call the script over REST. But on invocation it can be seen that permissions to query ADSAccounts are not sufficent, so that the record is not found.  

    Currently I don´t have assigned any table/column permissions to that user and I´d like it to stay that way.

Children
No Data