[NXP-30596] Ability to restrict bulk operations - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Bulk

Team:
PLATFORM

Description

Sample syntax for a bulk operation via REST call is as follows:

curl -u Administrator:Administrator 
       -H 'Content Type: application/json'
       -X POST 'http://localhost:8080/nuxeo/api/v1/search/bulk/setProperties'
       -d  '{
                    "dc:nature": "article",
                    "dc:subjects": ["art/architecture"],
                     ....
             }

Currently, anyone can make a bulk call as long as provide valid user credentials in the -u parameter. This has caused problems at a few customer where users submit commands which they shouldn't and impact overall performance.

Could the ability to run bulk commands be configurable such that a customer could lock down who runs? Perhaps only users in an Administrators group can run and all others would be blocked if attempted?

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Scott Karnyski

Participants:

Scott Karnyski

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2021-09-09 16:53

Updated:

2021-09-09 16:58