Discussions

Hello, I'm concerned about this situation: I just created a Public User in Imis and didn't change any permission to it.

I found that using the following script from the browser console, this new Public User (after I logged in with his credentials in Rise) could do many listings like the one below. Could you help me understand why ? I need to let him just read information, but I'd like to know how to block Public Users from reading information.

jQuery.ajax("https://mytest-imis123.com/imis/api/Party",

{

type : "get",

contentType: "application/json",

headers: {"RequestVerificationToken": document.getElementById("__RequestVerificationToken").value},

success: function(data){console.log(data);}

})

Thank you !