feat: GRANT/REVOKE ACCESS on PUBLISHED REST SERVICE

[ako]

Feature Request

Support security access management for published REST services via GRANT/REVOKE.

Use Case

Published REST services have AllowedRoles and AuthenticationTypes fields that control who can access the API. Currently these can only be configured in Studio Pro.

Proposed Syntax

-- Grant access to a role
GRANT ACCESS ON PUBLISHED REST SERVICE Module.API TO Module.AdminRole;

-- Revoke access
REVOKE ACCESS ON PUBLISHED REST SERVICE Module.API FROM Module.AdminRole;

-- Show current access
SHOW ACCESS ON PUBLISHED REST SERVICE Module.API;

-- Set authentication type
ALTER PUBLISHED REST SERVICE Module.API SET Authentication = 'Basic';

Context

GRANT/REVOKE ACCESS is already supported for OData services. The BSON fields AllowedRoles and AuthenticationTypes on Rest$PublishedRestService are already known from the metamodel.

Discovered during testing of CREATE PUBLISHED REST SERVICE (PR rest branch).

[github-actions]

Issue Triage

Summary:
The request adds GRANT/REVOKE ACCESS commands for published REST services to let users manage role‑based access and authentication types from the CLI.

Checklist for feature request

Required info	Present?	Details
Use case – why the feature is needed	✅	Describes that AllowedRoles and AuthenticationTypes can only be set in Studio Pro now.
Proposed syntax or behavior	✅	Shows GRANT, REVOKE, SHOW, and ALTER statements.
Mendix version relevance (if version‑specific)	❌	No mention of which Mendix versions this applies to or any version constraints.

What’s missing:
Please let us know which Mendix version(s) this feature should target (e.g., 9.x, 10.x) and whether there are any version‑specific considerations or limitations.

Thank you for the suggestion! Once we have the version information, we can move forward with evaluating the request.

---

Automated triage via OpenRouter — workflow source