

    REST API Restriction on Roles/Users
    Topic posted October 23, 2019 by Adam, tagged Configuration, Integration, Web Services
    24 Views, 1 Comment
    Can we restrict users from making REST requests?


    In our Sales Cloud application, we have configured certain layouts for different kinds of users, and based on roles we enable the respective layouts to control which buttons and fields are shown. For example, on Opportunity, if a user logs in with role A_role then he will see layout A-layout, where he has buttons to Add & Delete records. If a user logs in with role B_role then B-layout will be enabled, where the user can only add new records, and so on. The problem is that we copied our roles from the Sales Manager role and we did not remove delete/create access from our custom roles, so if a user with role B_role uses a REST client then he will be able to create/delete records. Is there a way to not allow users to send REST requests while they can still use the application after logging into the system?





    • Fernando Paes

      Hi Adam,

      You could do a Groovy script to prevent those roles from creating/deleting (the delete script would not work in Accounts and Contacts) by throwing an exception.

      However, the best solution would be to modify the roles to remove the create/delete action.

      Kind Regards.