Bug
When a service is configured to allow only a specific set of roles, but its parent folder is configured to allow public access, any user aware of the service's REST endpoint can bypass security and access the service as if it was publicly accessible.
| Bug ID Number | NIM075654 |
|---|---|
| Submitted | November 22, 2011 |
| Last Modified | June 5, 2024 |
| Applies to | No Product Found |
| Version found | 10.1 |
| Version Fixed | 10.1 |
| Status | Fixed |
Workaround
Instead of configuring security for the service, apply the security settings to the parent folder containing the service.Steps to Reproduce
Bug ID: NIM075654
Software:
- No Product Found
Get notified when the status of a bug changes
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App