Similarly to other Telerik Platform resources, stored procedures are subject to access control. You can use permissions to specify who has access to your stored procedure endpoints.
This article explains important concepts behind stored procedure permissions and talks about using the portal to view and set permissions. See Introduction to Business Logic Permissions to find out how to manage permissions programmatically.
By default, when you map a stored procedure, the resulting endpoint can be invoked by users in all currently existing roles, including the Anonymous role.
Roles that you add to your application afterward are not allowed to call these endpoints. To accept requests from users in these roles, you need to set the endpoint's permissions accordingly.
You are advised to change the default set of permissions. If you decide to keep it, make sure that the stored procedure takes into account every possible parameter value and handles it safely. Even if your app always makes the right calls to the endpoint, someone might find out the endpoint URL and invoke it with whatever parameters they want.
To set an endpoint's permissions, click the gear icon next to the endpoint name and select Permissions from the drop-down list.
Just as with content types and Cloud Functions, role-based permissions can be leveraged to control who can invoke stored procedure endpoints. For example, you could allow only users belonging to the Registered role to access an endpoint.
- Introduction to Business Logic Permissions
- Introduction to Stored Procedures
- Getting Started with Stored Procedures
- Mapping Stored Procedures
- Executing Stored Procedures
- Reading Stored Procedure Mappings
- Getting the Stored Procedure Endpoints Count
- Updating Stored Procedure Mappings
- Deleting Stored Procedure Mappings
- Limitations of Stored Procedures
- Stored Procedures Fields and Values Reference