Only Read Operations #2388
Is it possible to allow only read operations in API? I don't even want swagger to expose endpoints for Create/Update/Delete.
Replies: 1 comment
Hi Amit,

Yes, you would need to restrict your entities in dab-config.json to only allow the "read" operation. The OpenAPI doc exposed and used by swagger always shows all endpoints, but executing commands against those endpoints only works if the correct permissions (or any permissions at all) are defined for the given operation.

This doc article has a good example: https://learn.microsoft.com/en-us/azure/data-api-builder/authorization#permissions-must-be-explicitly-configured

```json
"EntityName": {
  "source": "dbo.books",
  "permissions": [{
    "role": "anonymous",
    "actions": [ "read" ]
  }]
}
```

will only allow the read operation (GET) to be executed. All other operations will result in 403 forbidden.
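An added example, not part of the reply above or of the Data API builder project: a small Python check that lists every entity permission in a dab-config.json granting anything other than "read", useful for confirming a config really is read-only before deployment. It assumes the config's top-level "entities" object and that an action may be a plain string, an object with an "action" key, or the "*" wildcard; the sample config, the "authors" entity and the function names are constructed for illustration.

```python
import json

# Constructed sample config (not from the discussion). "books" mirrors the
# read-only entity in the reply; "authors" is a hypothetical over-permissive one.
SAMPLE_CONFIG = """
{
  "entities": {
    "books": {
      "source": "dbo.books",
      "permissions": [{ "role": "anonymous", "actions": [ "read" ] }]
    },
    "authors": {
      "source": "dbo.authors",
      "permissions": [
        { "role": "anonymous", "actions": [ "read", { "action": "update" } ] },
        { "role": "authenticated", "actions": [ "*" ] }
      ]
    }
  }
}
"""

def action_name(entry):
    """An action is either a plain string or an object with an "action" key."""
    return entry if isinstance(entry, str) else entry.get("action", "")

def non_read_grants(config):
    """Return sorted (entity, role, action) tuples for every grant other than "read"."""
    findings = []
    for entity, definition in config.get("entities", {}).items():
        for permission in definition.get("permissions", []):
            for entry in permission.get("actions", []):
                name = action_name(entry).lower()
                if name != "read":  # "*" covers every operation, so it is flagged too
                    findings.append((entity, permission.get("role", ""), name))
    return sorted(findings)

def audit(text):
    """Parse config text and return its non-read grants."""
    return non_read_grants(json.loads(text))

if __name__ == "__main__":
    for entity, role, action in audit(SAMPLE_CONFIG):
        print(f"{entity}: role '{role}' is granted '{action}'")
```

An empty result means every configured permission is read-only; entities with no permissions block at all grant nothing and are not reported.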