We are evaluating NextLabs
EntitlementManager to restrict
the users belong to some security groups toaccess selected site collections
with sensitive information even these users have been granted the permission
through individual account, any AD groups, or email list groups. After we have
set up the policy and restrict the access to a list, we found it block the
access for many clients but not for REST client.
The list we try to block is http://serverURL/dept/Firethorn/IT/Lists/Harry/AllItems.aspx. After the deny access policy has been applied to the list, you will get
the following error message when you try ace the list from SharePoint UI.
Even the message is not user friendly, it has block the access
based on the policy. However, when you try to access the same list through REST
web service http://serverURL/dept/Firethorn/IT/_vti_bin/listdata.svc/Harry, we are
able to ace the content as in the following screen shot.
This seems to be a bug and we are working with NextLabs to
identify the way we could block the list and library access from REST web service
when the deny access policy applied.
No comments:
Post a Comment