Release notes
Back to All

Release Notes 12/17/2024

4 days ago by Paul

This release includes two new security enhancements to the Fusion platform.

Restrict Fusion Access to a List of Allowed IPs

You can now restrict the IPs that can access Fusion to provide enhanced security. The allowed IPs restriction applies to both users logging into the Fusion Portal and usage of the API. It applies to both the initial authentication request and all subsequent API calls.

The default, which has not changed, allows any IP. Configure the allowed IP list in Settings > User Management > Global Security/SSO to restrict access by a list of allowed IPs.

If an API call is attempted from an IP that is not allowed, the response will be 403: Your IP address ${ip} is outside of access-allowed IPs range.

See: Allowed IPs

Full CRUD (Create/Read/Update/Delete Permissions) for Roles

You can now remove the Read permission from roles in Fusion, providing full CRUD (Create, Read, Update, Delete) access control. This allows you to create a role that do not have any ability to read/view areas of the product at all. Previously, roles could restrict create, update, and delete permissions, but you could not remove read access.

Roles can be modified with the new permissions in Settings > User Management > Roles.