Permissions For NonAuthenticated

Hello,

We have multiple Custom API keys with custom Security Roles. One of those keys is used by a .NET application. Every time we “remove permissions from NonAuthenticatedUser Role” all of our calls fail.

We have a small “agent application” that runs and doesn’t need to authenticate but it needs to have full permissions to the database only from that 1 API Key.

Our Web Front end is using Session-based cookies to authenticate with when users sign in.

Question: is there a way to make the 1 Custom API Key not have a user authentication and allow all permissions to our database? Very similar to how the cloud code user runs. We need this 1 API key to always be authenticated.

Hi @Denis_Zhirovetskiy

We are looking into your issue and will try to help you as soon as possible.

Regards,
Zahar

It seems possible. Try creating a new API key and granting all permissions.

Regards,
Zahar

Our custom API key does have Grant All Permissions already, but when we deny all to “NonAuthenticatedUser” security role, the custom API key using the .NET SDK stops working as well; we get a permissions error saying user is not authenticated.

Hi @Denis_Zhirovetskiy,

Try the following steps:

  1. Deny Data Retrieval for NotAuthenticatedUser:
     • Go to the Users -> Security Roles section.
     • Select the NotAuthenticatedUser role.
     • Explicitly deny the Retrieve operation under the Data column (you can deny all operations if necessary).
  2. Grant Data Retrieval for Custom API Key:
     • Go to the Data Table -> Permissions -> Roles section.
     • Explicitly grant the necessary operations for the custom API key role.

This setup should prevent data retrieval for NotAuthenticatedUser but allow it for users who are not authenticated but using a custom API key.

We just did a test with this, and it looks to have worked. Thank you! We will continue testing with this in our dev env.