Rest Service Global administrator

sameh ado asked on August 19, 2014 19:08

i am using the rest service of Kentico CMS version 6 and i access this service over the internet by Android App. the problem is this service must has the global administrator permission for a user service. so if anyone can hack the android app and get username and password , he will easily access all documents and objects and CMS Site Manager does not give me more options for each object and document while i need this user read only cms.user object only without delete by rest service.

do anyone solve this issue?

Recent Answers

Brenden Kehren answered on August 20, 2014 14:14

Have you checked out the rest authentication documentation? In there you can restrict which doc types and objects the REST service can access. If you leave the boxes empty, ALL items are assumed. Best to specify values. Also if you check READ ONLY, there will be no delete access. I understand you can't set permissions for each object there but you can set them per role or user outside of the Rest settings.

0 votesVote for this answer Mark as a Correct answer

sameh ado answered on August 24, 2014 11:06

thank you for your reply,

now i am using the authentication hash to authenticate the URLs but it requires the authentication when i use the put and post methods.

Please advice on the below.

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.