Enabling script access

1. 1. 1. Tutorial

Setting up role-based access to server-side event scripts.

1. 1. 1. Background

Roles govern HTTP access to the REST API endpoints in DreamFactory as well as server-side event scripts. Server-side event scripts are programs that execute when an API event fires (either an API request or an API response). When you implement server-side scripts in the 'Scripts' tab, no scripts are accessible by default (unless you are a DreamFactory Admin).

You can give access to specific event scripts by following the examples below.

1. 1. 1. Example - Enable HTTP access to SQL tables for a role

1. Log into the DreamFactory admin console as an Admin. 2. Click on 'Roles' > 'Create'. 3. In the 'Access' tab, select your SQL database API for 'Service', the table name for 'Component', HTTP verbs for 'Access', and API for 'Requestor'. Repeat for each table you are exposing to this role.

Note: You can also allow script-only access to tables. This allows you to grant access to a table by server-side scripts invoked by the API call, while not exposing direct access to the table by the API.

1. 1. 1. Example - Creating and updating role permissions with the REST API

You can create and update role permissions directly with the API. Click on 'API Docs' in the DreamFactory Admin Console and view the '/system/role' API calls.