I have a role with this permission:
path-prefix[/mydb] and (method[PUT] or method[POST] or method[GET])
I'm trying to create a collection in this database following this doc: https://restheart.org/docs/mgmt/dbs-collections/
So, I wrote using postman this:
method: PUT url: https://myhost.mydomain/mydb/newcollection
User and password are ok. The user has this role. GET works.
But the PUT return 403 (not 401, 403).
RestHeart (v6).
Any tips to solve this?
Solved.
The version 6 changed somethings in security. Now some permissions have to be set explicitly, in this case, to allow management requests:
"mongo": {
"allowWriteMode": false,
"allowManagementRequests": true,
"allowBulkPatch": false,
"allowBulkDelete": false
}