Why You Should Never Use FullAccess
Published by Miranda Posthumus on July 6, 2023
In security, the Principle of Least Privilege states "that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function"; therefore best practices dictate that it’s better to never use
FullAccess at all than to allow it to become a bad habit and run the risk of giving users access to your application and data in ways you never intended or thought out.
What is FullAccess?
FullAccess is a Role that can be assigned to an organization, group, or user via
What can a user do with FullAccess?
A user with
FullAccess can make any call to the OrderCloud API. Here are just a few examples of detrimental actions a user with
FullAccess could take against your organization:
Delete all products, orders, users, etc.
Change pricing on every product in your catalog
Mine all user data including email addresses and other personally identifiable information
Change any user’s password, which would then allow them to login as that user
Certain users are prohibited from administering some resources regardless of what roles are assigned to them. For example, a buyer user cannot administer things like ApiClients or Webhooks, even if they are granted the
Why does OrderCloud provide the FullAccess role if I should never use it?
The reasoning behind providing a
FullAccess role was that we thought it would be a useful tool for developers to use in a pinch for short term testing. It could save them the few minutes of time it would take to figure out what explicit roles a user would need to perform a specific action; however, in the past we have observed instances where the role is being assigned widely to many users which is a trend that tells us
FullAccess is likely being used in scenarios beyond just testing or development tasks.
We hope you’ll take this guidance into consideration while building and maintaining your OrderCloud applications.