I am trying to implement security for Change Tracking of an entity through navigation, but I am still able to access it by expanding through the URL.
I have the service below, with the ErrorPricing entity for which Change Tracking is enabled.
```cds
service ErrorPricingService {
  @(Capabilities: {
    InsertRestrictions.Insertable: true,
    UpdateRestrictions.Updatable : true,
    DeleteRestrictions.Deletable : false
  })
  @odata.draft.enabled: true
  entity ErrorPricing as projection on errorPricing.ErrorPricing;
}
```
Below is the security service implemented for the entity.
```cds
annotate ErrorPricingService.ErrorPricing with @(restrict: [
  { grant: ['*'],    to: 'PriceAdminInternal' },
  { grant: ['READ'], to: 'PriceViewerInternal' },
  { grant: ['READ'], to: 'PriceAdminExternal' }
]);
```
I tried using the approach below, but it results in an internal server error.
```cds
annotate ErrorPricingService.ErrorPricing.changes with @(restrict: [
  { grant: ['*'],    to: 'PriceAdminInternal' },
  { grant: ['READ'], to: 'PriceViewerInternal' },
  { grant: ['READ'], to: 'PriceAdminExternal' }
]);
```
Below are the snapshots from the URL, from where I am able to access changes by expanding the URL.
![Uploading Screenshot 2024-10-29 at 11.29.22 PM.png…]()