From cc9d9b83a3f69de1b96cfac43ee5457f796489e0 Mon Sep 17 00:00:00 2001 From: Cole Garbo Date: Thu, 8 Aug 2024 08:52:22 -0400 Subject: [PATCH] move permission note to warning --- .../camunda-api-rest/camunda-api-rest-overview.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/apis-tools/camunda-api-rest/camunda-api-rest-overview.md b/docs/apis-tools/camunda-api-rest/camunda-api-rest-overview.md index 6893b53306..550f34a32b 100644 --- a/docs/apis-tools/camunda-api-rest/camunda-api-rest-overview.md +++ b/docs/apis-tools/camunda-api-rest/camunda-api-rest-overview.md 
@@ -26,13 +26,14 @@ See [the interactive Camunda 8 REST API Explorer][camunda-api-explorer] for spec ### Query API -All Query API endpoints contain an `(experimental)` declaration. Those endpoints are not accessible by default in Camunda 8 clusters. +:::warning +Query API endpoints do not currently support [resource authorizations][resource authorizations], and can be used to expand user access to restricted resources. If you use resource permissions, allowing public access to those endpoints is not recommended. +::: -The search endpoints don't yet integrate with [resource authorizations][]. As a result, using search endpoints, users can expand their access to -resources they are not allowed to. Thus, if you use resource permissions, we don't recommend to allow public access to those endpoints. +All Query API endpoints contain an `(experimental)` declaration. Those endpoints are not accessible by default in Camunda 8 clusters. -You can enable the experimental search endpoints by setting the configuration property `camunda.rest.query.enabled` to `true`. Alternatively, -the environment variable `CAMUNDA_REST_QUERY_ENABLED` can be set to `true`. +You can enable the experimental search endpoints by setting either the configuration property `camunda.rest.query.enabled` to `true`, +or the environment variable `CAMUNDA_REST_QUERY_ENABLED` to `true`. [camunda-api-explorer]: ./specifications/camunda-8-rest-api.info.mdx [resource authorizations]: /self-managed/concepts/access-control/resource-authorizations.md
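Review bot: The new `:::warning` block states the authorization gap without its precondition. The endpoints are only reachable once `camunda.rest.query.enabled` or `CAMUNDA_REST_QUERY_ENABLED` is set to `true`, and that sentence now sits two paragraphs below the warning. Suggest either saying in the warning that it applies once the endpoints are enabled, or placing the warning directly after the enablement paragraph, so that someone turning the flag on reads the caveat at the point of decision. Two smaller points in the same hunk: the warning says "Query API endpoints" while the enablement sentence still says "experimental search endpoints", so pick one term to make it clear these are the same endpoints; and `[resource authorizations][resource authorizations]` repeats the label where the collapsed form `[resource authorizations][]` used in the removed line resolves to the same reference definition.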