I’ve been setting up an OAuth2 “Client Credentials” connection to SuiteCRM using the V8 API on 7.11.0.
I’d like to ensure that my API connection is locked down to only allow certain operations (e.g. viewing accounts, but not deleting accounts etc.). To do this I assumed the method would be to create a new user, and assign them to a security group with the appropriate role set up, then associate the OAuth2 Client Credential with the newly created user.
However, after testing this approach I’ve found my system access via the API is unrestricted.
Is it just the case that the API gives unrestricted access regardless of the user associated with the OAuth2 credential?