Applies to Product - Microsoft Dataverse
What’s happening?
Non-admin users have unauthorized access to the Web API service, allowing them to connect to various services and extract data without proper permissions.
Reason:
This arises from the configuration of security roles. When duplicating a security role and removing specific privileges, the expected restrictions are not enforced, leading to unauthorized access.
Resolution:
For Restricting Non-Admin Users' Access to Web API Service:
- Ensure that the security role assigned to the user does not include the necessary privileges for accessing the Web API service.
- Test the configuration by duplicating the Out-Of-Box (OOB) role and removing the specific privilege. Verify that the expected restrictions are enforced.
- If the issue persists, consult the relevant documentation or support channels for updates on the feature to restrict access.
- Review the security roles and privileges assigned to users to ensure compliance with internal security guidelines.
- Monitor updates from the development team regarding any fixes or enhancements related to these issues.
