2 Replies Latest reply on Feb 24, 2015 11:58 AM by tdanner

    SDK API security tightening


      Possibly more of a feature request (though I don't see a section for the SDK under Feature Requests).
      I've noted, after being asked by a 3rd party for access, that there is some gap / tightening required for this to be achieved.


      After setting up an account with no permissions, just view only really {no admin/create/report/ack alerts etc.}, and only able to view a limited bunch of nodes set by the account visibility permissions, I found that certain platform-based queries could still be made.

      Examples -

      Orion.AlertStatus - showed all alerts regardless of account permission restricting from seeing other nodes

      Orion.Accounts - platform wide user account visibility

      Orion.ActionsProperties - details of a report not relevant to that user, and if they ran the report from the WebUI then they would get 0 results.

      Am I looking at this incorrectly / too deeply and this wouldn't be the case?