Restricting access

Hi,

I am trying to restrict access to some users so that they cannot view the System menu which provides sensitive information.
I worked around the fact that the Reader role cannot be removed from a user via the Web UI by using the API to create a role without inputs:read (Since System -> Inputs contains sensitive information) and then removing the Reader role from the user and assigning it that new role.
However, users can still view the System -> Nodes and i cannot find a way to remove this. System -> Nodes provides access to the REST API Browser which then allows anyone to retrieve all system users or any other sensitive information.
Could you please advise? I need to be able to use the API Browser as an admin (So i can’t disable it in the config) but I certainly don’t want regular user to have access to it.

Thanks,

Sam.

It’s not possible to hide menu System at all. But regular user can open Rest Api browser, but can’t run it, because of permissions, so it can’t read sensitive information.

If you want to remove another information from Nodes, you can remove permissions:
“indexercluster:read”,
“metrics:read”,
“journal:read”,

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.