Hello everyone,
I try to invoke a script on the Rest-API with administrative permissions for the script and not the permissions of the user.
The idea is, that users can only communicate with a published Script API but cannot change objects in Identity Manager over the other generic REST methods.
In this way, it would be possible i.e. to write setter on attributes, but only set this value, if it is not filled yet.
Or to force the user to use a transaction instead of 3 separated calls for single objects.
Is this possible with some annotation in the script or similar?
Thank you