Hi, I want to ask how to restrict a user to accessing only the System.user information object related to that user. Currently I face a condition where, when I log in with user A, I can see the whole list of users under entity System.User. How can I make this API access return only the object which belongs to the logged-in session user?

{ "action":"retrieve_by_xpath", "params":{ "xpath":"//System.User", "schema":{ }, "count":false } }
asked
ALED
1 answers
0
This should already be the case.
When I test this in my applications, I can only see the user that I'm logged in with. Are you sure you're not logged in with a role that has rights to access other user roles?
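To confirm what a given role can actually read, the response to the `//System.User` request from the question can be checked against the session user. The following is an added example, not code from either poster or from the platform: the response shape (`objects`, `guid`, `attributes`), the sample data and the function name `audit_user_retrieve` are assumptions made for illustration.

```python
import json

# Constructed sample of a response to the retrieve_by_xpath request in the question.
# The shape ("objects" -> "guid", "objectType", "attributes") is an assumption.
SAMPLE_RESPONSE = json.loads("""
{"objects": [
  {"guid": "1001", "objectType": "Administration.Account",
   "attributes": {"Name": {"value": "userA"}, "LastLogin": {"value": 1700000000000}}},
  {"guid": "1002", "objectType": "Administration.Account",
   "attributes": {"Name": {"value": "userB"}, "LastLogin": {"value": null}}},
  {"guid": "1003", "objectType": "System.User",
   "attributes": {"Name": {"value": "svc_api"}}}
]}
""")


def audit_user_retrieve(response, session_user_guid):
    """Report user objects visible to the session that are not its own (hypothetical helper)."""
    own_seen = False
    foreign = {}
    for obj in response.get("objects", []):
        guid = str(obj.get("guid"))
        if guid == str(session_user_guid):
            own_seen = True
            continue
        # Attribute names whose value is actually readable on another user's object.
        readable = sorted(
            name for name, attr in obj.get("attributes", {}).items()
            if isinstance(attr, dict) and attr.get("value") is not None
        )
        foreign[guid] = readable
    return {
        "own_object_returned": own_seen,
        "foreign_users": foreign,
        # The check passes only when no other user's object came back.
        "passes": not foreign,
    }


if __name__ == "__main__":
    # Session user is assumed to be guid 1001 (userA in the constructed sample).
    print(json.dumps(audit_user_retrieve(SAMPLE_RESPONSE, "1001"), indent=2))
```

Running the same check once per user role shows which role is the one with rights to read other users, which is the situation the answer asks about.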