Forum Discussion
any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.
Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.
This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.
Note that generating a token is useless alternative since they expire in 8 hours.
Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.