Is it possible to limit a user's permissions scope to prevent him from accessing (using the external API mechanism) all the models except a few ones?
As the very first test, I tried to block all the models:
- create a brand new and empty Group (User types/API) - no Access Rights or Record Rules added;
- add a user to it;
- remove the user from any other Groups (like "Internal User");
But, when I log in and request a model using API calls - it works, just like all the needed permissions have been granted!..
