From a0bf74ae9dc0880c801873be16daa7934064b7b7 Mon Sep 17 00:00:00 2001 From: AntonEliatra Date: Wed, 7 Aug 2024 15:23:51 +0100 Subject: [PATCH] Add a comment regarding read/write control via HTTP verbs #863 (#7909) * adding a comment regarding read/write control via HTTP verbs #863 Signed-off-by: AntonEliatra * adding a comment regarding read/write control via HTTP verbs #863 Signed-off-by: AntonEliatra * Update rest-layer-authz.md Signed-off-by: AntonEliatra * Update _security/access-control/rest-layer-authz.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --------- Signed-off-by: AntonEliatra Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/access-control/rest-layer-authz.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_security/access-control/rest-layer-authz.md b/_security/access-control/rest-layer-authz.md index 71960481ff..b882cf04e0 100644 --- a/_security/access-control/rest-layer-authz.md +++ b/_security/access-control/rest-layer-authz.md @@ -16,6 +16,8 @@ Developers, on the other hand, will need to understand the ideas behind `NamedRo The benefits of using the REST layer for authorization include the ability to authorize requests at the REST layer and filter out unauthorized requests. As a result, this decreases the processing burden on the transport layer while allowing granular control over access to APIs. +Some read operations, such as [scroll]({{site.url}}{{site.baseurl}}/api-reference/scroll/), manage state. Therefore, it is recommended to control read and write access using the Security plugin [permissions]({{site.url}}{{site.baseurl}}/security/access-control/permissions/), instead of allowing/blocking HTTP request verbs. + You must have the Security plugin enabled to use REST layer authorization. {: .note }