rode.mb Posted November 8, 2023 Share Posted November 8, 2023 Hi,if you call "rest_v2/reportExecutions" without authentication or a wrong password, you can start any report and if you have the request-id and export-id, you can download every report from any other user.all ressources have the permission "no acces" for the role "ROLE_ANONYMOUS".it also makes no difference, if you disable or delete the user "anonymousUser".Regards,Roland Link to comment Share on other sites More sharing options...
Mehak Rajkumar Posted November 16, 2023 Share Posted November 16, 2023 Thank you for posting to the Jaspersoft Community. Our team of experts has read your question and we are working to get you an answer as quickly as we can. If you have a Jaspersoft Professional Subscription plan, please visit https://support.tibco.com/s/ for direct access to our technical support teams offering guaranteed response times. Link to comment Share on other sites More sharing options...
Akshay Khedkar Posted November 27, 2023 Share Posted November 27, 2023 Hello, Each of the APIs requires user authentication to access the server and it is up to external application to implement the authentication based on requirements Please refer below REST API guide for more details: chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://docs.tibco.com/pub/js-jrs/8.2.0/doc/pdf/js-jrs_8.2.0_REST-API-Reference.pdf Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now