Enabling script access

Tutorial

Setting up role-based access to server-side event scripts.

Background

Roles govern HTTP access to the REST API endpoints in DreamFactory as well as server-side event scripts. Server-side event scripts are programs that execute when an API event fires (either an API request or an API response). When you implement server-side scripts in the 'Scripts' tab, no scripts are accessible by default (unless you are a DreamFactory Admin).

You can give access to specific event scripts by following the examples below.

Example - Enable HTTP access to both the API and event scripts for a role.

1. Log into the DreamFactory admin console as an Admin.

2. Click on 'Roles' > 'Create'.

3. In the 'Access' tab, select your SQL database API for 'Service', the table name for 'Component', HTTP verbs for 'Access', and both API and Script for 'Requestor'. Repeat for each table and script you are exposing to this role.

In this example, we've exposed API access to the Contact table itself and also allowed event scripts to run for API calls to the Contact table.

Example - Enable HTTP access to only event scripts for a role.

1. Log into the DreamFactory admin console as an Admin.

2. Click on 'Roles' > 'Create'.

3. In the 'Access' tab, select your SQL database API for 'Service', the table name for 'Component', HTTP verbs for 'Access', and Script for 'Requestor'. Repeat for each table and script you are exposing to this role.

In this example, we've not exposed API access to the Contact table itself but have allowed event scripts to run for API calls to the Contact table.