After playing around with Strapi for a while, I found out that per model / column detailed Role Based Access Control (RBAC) is not available in community edition. Control over what data is available for specific user is an important aspect of what we are building, we started to look for other options, and found an interesting project called Gentics Mesh.
We could test Gentics Mesh on official docker image.
However, what we needed was to check its RBAC features. Here is admin control panel for permissions:
Here we disabled all access to nodes (data) for “anonymous” role users, but the demo application still displays the data.
There was a discussion in github issue:
An old issue but it sounds the case with the demo.
So, we tried the API access using ARC:
No data available.
Now we allow some data to anonymous user to see the results change.
On the left, “Yacht” node is available, and on the right, “Aircraft”: