Address Contact Detail Restriction

See the "User Access" chapter of the Security Guide for details of this type of access restriction. The HTTP API will only expose addresses to which the user has access to.

Restrict Top-Level Resource

Use case: An address is Retrieved as Top-Level Resource

The HTTP API will automatically add the following filter:

where address.accessRestriction is null
or address.accessRestriction in (accessrestrictions of user where Retrieve = Y)

Restrict Sub-Resource

Use case: A Top-Level Resource is Retrieved with Address as its Sub-Resource.

The HTTP API will automatically add the following filter when retrieving the sub resources:

where address.accessRestriction is null or
or address.accessRestriction in (accessrestrictions of user where Retrieve = Y)

Concealing of Linked Resource

The HTTP API does not support this case. Addresses do not act as linked resources, they can only act as top-level or sub resources.

Inference Prevention

The HTTP Query API supports searching for persons or relations based on their address:

POST http://[hostName]:[portNumber]/[api-context-root]/generic/persons/search

{
  "resource": {
    "q": "addressList.houseNumber.eq(1)"
  }
}

When a restricted address would be used for finding the persons with house number 1 and a person would be returned, it can be inferred that the person has house number 1, although the address is not present in the returned resource representation.

Therefore, when searching for relations or persons based on address, only addresses a user has access to are used. The HTTP Query API will automatically add an additional filter when an address attribute is used as query condition.

This restriction does not apply when searching for relations or persons without any address search criteria.