Skip to Content
avatar image
Former Member

GET Documents in RESTful web services retrieves documents which the user do not have access to

Hi All,

For the testing purpose , I have created a new test user id and gave access so that the user could see reports only from one folder(with 6 reports in it- The same can be seen in BI launchpad).

We have been trying to use the RESTful Webservices for WebI for our development . So, we started with a sample code available at https://wiki.scn.sap.com/wiki/display/BOBJ/Dynamic+Usage+of+RESTful+API+With+C%23+and+.NET .

So, code in this sample uses a GET statement to list out documents a user has access to according to the syntax . But when this command is executed , we are seeing the list of reports which user doesn't have access to .

The testuser is part of Everyone user group. But all the public folder's "Everyone" access is set to "No Access" except the new folder the test user has access to.

Did anyone experienced such kind of issues ? Please suggest me.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Dec 07, 2018 at 11:29 PM

    This does not sound right.

    If you get the IDs of the documents returned that the user should not have access to, can you query for those IDs in querybuilder (http://<boeserver>:port/AdminTools ) when logged on as that user and get results?

    ie: Select * from CI_Infoobjects where SI_ID=<id returned from REST call>

    Also, if you log into the CMC and look at the Sessions, does the new user show as logged on? The custom application logon and querybuilder logons be the ones with a client session called "Logon without Client ID", so make sure you know which logon is from the RESTful application to be sure it is the correct user.

    Dan

    Add comment
    10|10000 characters needed characters exceeded