Exposing System.User with OData returns nothing

1
Hello, We're trying to expose our Administration.Account entities using OData to process these in PowerBI. However, when exposing the Account entity, we only get the id, FullName and Email attributes (all attributes of the Account entity) and get nothing from the generalized System.User entity. Even when we tried exposing the User entity as well, we could only get the id's of the users and not even the Name even though it's got read access tied to it. I guess my question really is if it's even possible to expose the System.User entity using OData at all? And if so, why is there a lock on this? If it is possible to expose this entity, please share your experiences. Thanks in advance!
asked
3 answers
3

I would suggest to copy the informations you need (and only those informations) to a separate entity, like eg. Person, which has a 1:1 assoc. to your accounts and expose those objects with an respective access concept. 

As Rene van Hofwegen already said, your current solution is imho a huge security risk, as the interface user is allowed to manage all users in the system and could therefore also delete or modify them. 

answered
1

A short update and answer for anyone who might have gotten the same issue. We have solved this by checking the "All” flag for the “Users with this user role can manage users with at most the following user roles:” setting in the User Role settings of the project security settings.

Apparently there is a hidden feature that makes it possible for users with this user role and setting enabled, to see all System.User data and be able to retrieve this information for, for example, OData streams.

Setting both the System and Administration module roles for this user to “User” works just fine. No need to set them to “Administrator” it seems.

answered
0

Is the account you’re using to access the data an administrator in the System module?

answered