1. Authentication

Why you should never use FullAccess

In security, the Principle of Least Privilege states "that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function". Therefore, best practices dictate that it's better to never use FullAccess at all than to allow it to become a bad habit and risk giving users access to your application and data in ways you never intended.

Understanding FullAccess

FullAccess is a Role that can be assigned to an organization, group, or user via SecurityProfile. This role grants complete access to the OrderCloud API, making it a powerful but potentially dangerous permission level.

Security risks

A user with FullAccess can make any call to the OrderCloud API. Here are just a few examples of detrimental actions a user with FullAccess could take against your organization:

  • Delete all products, orders, users, etc.
  • Change pricing on every product in your catalog
  • Mine all user data including email addresses and other personally identifiable information
  • Change any user's password, which would then allow them to login as that user

Certain users are prohibited from administering some resources regardless of what roles are assigned to them. For example, a buyer user cannot administer things like ApiClients or Webhooks, even if they are granted the ApiClientAdmin or WebhookAdmin, or FullAccess roles.

Design considerations

The reasoning behind providing a FullAccess role was that it would be a useful tool for developers to use in a pinch for short term testing. It could save them the few minutes of time it would take to figure out what explicit roles a user would need to perform a specific action.

However, we have observed instances where the role is being assigned widely to many users, which indicates that FullAccess is likely being used in scenarios beyond just testing or development tasks.

Recommendations:

  • Use specific roles tailored to each user's needs
  • Define clear boundaries for access permissions
  • Regularly review and audit user permissions
  • Remove any unnecessary access rights
  • Consider FullAccess only for temporary development testing

We hope you'll take this guidance into consideration while building and maintaining your OrderCloud applications.

If you have suggestions for improving this article, let us know!