Why You Should Never Use FullAccess
Published by Miranda Danielson on July 6, 2023
In security, the Principle of Least Privilege states "that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function"; therefore, best practice dictates that it is better never to use FullAccess at all than to let it become a habit and run the risk of giving users access to your application and data in ways you never intended or thought through.
What is FullAccess?
FullAccess is a Role that can be assigned to an organization, group, or user via a SecurityProfile.
What can a user do with FullAccess?
A user with FullAccess can make any call to the OrderCloud API. Here are just a few examples of detrimental actions a user with FullAccess could take against your organization:
Delete all products, orders, users, etc.
Change pricing on every product in your catalog
Mine all user data including email addresses and other personally identifiable information
Change any user’s password, which would then allow them to log in as that user
ApiClientAdmin or WebhookAdmin, or FullAccess roles.
Why does OrderCloud provide the FullAccess role if I should never use it?
The reasoning behind providing a FullAccess role was that we thought it would be a useful tool for developers in a pinch for short-term testing. It could save them the few minutes it would take to work out which explicit roles a user needs to perform a specific action. However, we have observed instances where the role is assigned widely to many users, a trend that tells us FullAccess is likely being used in scenarios beyond testing or development tasks.
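Because the risk described above is FullAccess (and the credential-minting ApiClientAdmin and WebhookAdmin roles) spreading across many profiles and assignments, the practical check is an audit of which SecurityProfiles carry those roles and how widely each one is assigned. The Python below is an added example, not code from this post or from OrderCloud. It assumes the object shapes of the OrderCloud SecurityProfile and SecurityProfileAssignment (ID, Name, Roles; SecurityProfileID, BuyerID, UserGroupID, UserID); the sample profiles and assignments are constructed for the example, and role names other than the three named in the post are illustrative. In practice you would feed it the pages returned by GET /v1/securityprofiles and GET /v1/securityprofiles/assignments.

```python
"""Audit OrderCloud SecurityProfiles for FullAccess and other high-risk roles.

Constructed example: the data below is not real tenant data, and the object
shapes are an assumption based on the SecurityProfile / SecurityProfileAssignment
objects (ID, Name, Roles; SecurityProfileID, BuyerID, UserGroupID, UserID).
"""
from collections import Counter

# Roles the post singles out: FullAccess allows every API call; ApiClientAdmin and
# WebhookAdmin let a holder create new credentials or outbound hooks.
HIGH_RISK_ROLES = {"FullAccess", "ApiClientAdmin", "WebhookAdmin"}

# Constructed sample profiles. Role names other than the three above are
# illustrative least-privilege alternatives.
SAMPLE_PROFILES = [
    {"ID": "dev-everything", "Name": "Dev shortcut", "Roles": ["FullAccess"]},
    {"ID": "catalog-editor", "Name": "Catalog editor",
     "Roles": ["ProductAdmin", "PriceScheduleAdmin"]},
    {"ID": "integration", "Name": "ERP integration",
     "Roles": ["OrderReader", "WebhookAdmin"]},
    {"ID": "shopper", "Name": "Shopper", "Roles": ["Shopper", "MeAdmin"]},
]

# Constructed sample assignments. An assignment with no UserID or UserGroupID
# applies to every user in the buyer organization named by BuyerID.
SAMPLE_ASSIGNMENTS = [
    {"SecurityProfileID": "dev-everything", "BuyerID": "acme", "UserGroupID": None, "UserID": None},
    {"SecurityProfileID": "dev-everything", "BuyerID": None, "UserGroupID": None, "UserID": "dev1"},
    {"SecurityProfileID": "catalog-editor", "BuyerID": None, "UserGroupID": "merch", "UserID": None},
    {"SecurityProfileID": "integration", "BuyerID": None, "UserGroupID": None, "UserID": "svc-erp"},
    {"SecurityProfileID": "shopper", "BuyerID": "acme", "UserGroupID": None, "UserID": None},
]


def find_risky_profiles(profiles, risky=HIGH_RISK_ROLES):
    """Map profile ID -> sorted list of high-risk roles, for profiles that carry any."""
    found = {}
    for profile in profiles:
        hits = sorted(set(profile.get("Roles", [])) & set(risky))
        if hits:
            found[profile["ID"]] = hits
    return found


def scope_of(assignment):
    """Return (kind, target): the narrowest party the assignment applies to."""
    if assignment.get("UserID"):
        return "user", assignment["UserID"]
    if assignment.get("UserGroupID"):
        return "group", assignment["UserGroupID"]
    # Assumption: no buyer/group/user means the assignment is seller-side.
    return "organization", assignment.get("BuyerID") or "seller"


def severity(roles, scope_kind):
    """FullAccess at organization or group scope is the worst case the post warns about."""
    broad = scope_kind in ("organization", "group")
    if "FullAccess" in roles:
        return "critical" if broad else "high"
    return "high" if broad else "medium"


def audit(profiles, assignments, risky=HIGH_RISK_ROLES):
    """One finding per assignment of a profile that carries a high-risk role."""
    risky_profiles = find_risky_profiles(profiles, risky)
    findings = []
    for assignment in assignments:
        pid = assignment["SecurityProfileID"]
        if pid not in risky_profiles:
            continue
        kind, target = scope_of(assignment)
        findings.append({
            "profile": pid,
            "roles": risky_profiles[pid],
            "scope": f"{kind}:{target}",
            "severity": severity(risky_profiles[pid], kind),
        })
    return findings


def assignment_counts(findings):
    """How widely each risky profile is assigned; a rising count is the trend to watch."""
    return dict(Counter(f["profile"] for f in findings))


if __name__ == "__main__":
    results = audit(SAMPLE_PROFILES, SAMPLE_ASSIGNMENTS)
    for finding in results:
        print(f"[{finding['severity']:8}] {finding['profile']:15} "
              f"{','.join(finding['roles']):15} -> {finding['scope']}")
    print("assignments per risky profile:", assignment_counts(results))
```

Run periodically against the live assignment list and alert when a FullAccess-bearing profile gains an organization- or group-scoped assignment, or when its assignment count grows; the least-privilege fix for each finding is to replace the profile's roles with the explicit reader/admin roles the task actually needs.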
We hope you’ll take this guidance into consideration while building and maintaining your OrderCloud applications.
Still have questions?
Ask in our Community Channel