security API REST

Bonita 7.5.4, Community
I have a project with some process that accesses to API REST from forms. In the studio, there is no problem but in production, only the profile ‘administrator’ can access to the API REST.

I have resolved the problem by editing the parameter “security.rest.api.authorizations.check.enabled” to false […\setup\platform_conf\current\tenants\1\tenant_portal\security-config.propierties]

But I don’t know if this is correct from the point of view of security. Is there another way to permit to the profile ‘user’ access to API REST without compromising the security?

Hi,

Yes you can definitely do that. Here is the documentation page about this topic.

It’s not that easy to approach at the beginning and it might require a little bit of hit and try but it’s doable. If you want to provide more details about what APIs you’re trying to protect, I could try to help.

Cheers

Thanks.
At last I have been able to set the permissions like I wanted.
My problem was that the profile user has not got access to API/bpm/activityVariable. I granted this permission editing the ‘custom-permissions-mapping.properties’ adding profile|User=[flownode_visualization]

I think that this permission should be granted by default because I suppose that will be usually to need access to those kinds of variables from pages and forms.

Regards