-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REST API Ignores User Role Scope #35465
Comments
Hi @engcom-Delta. Thank you for your report.
Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
For more details, review the Magento Contributor Assistant documentation. Add a comment to assign the issue: To learn more about issue processing workflow, refer to the Code Contributions.
🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket. ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
✅ Jira issue https://jira.corp.magento.com/browse/AC-3124 is successfully created for this GitHub issue. |
✅ Confirmed by @engcom-Hotel. Thank you for verifying the issue. |
Further investigation and confirmation from @glo82145 we found out that currently in the existing system, this is the default behaviour and filtering of data, store scope wise is not done according to user role scope. Scopes of users which is define in acl.xml file in any module is just used to provide access to api. (which user can access which api) and currently not working on data filter. Hence, This is working according to default behaviour. Hence closed |
Description:
https://github.com/magento/partners-magento2ee/issues/92
Preconditions (*)
Steps to reproduce (*)
2.Assign the user role's scope to 1 store view
Expected result (*)
Actual result (*)
The text was updated successfully, but these errors were encountered: