Werk #18679: Fix permission for the parent_scan REST API endpoint

Component: REST API
Title: Fix permission for the parent_scan REST API endpoint
Date: Nov 6, 2025
Level: Trivial Change
Class: Bug Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:
  2.5.0b1 - Not yet released - Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
  2.4.0p16 - Not yet released - Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The REST API endpoint check_mk/api/1.0/domain-types/parent_scan/actions/start/invoke previously lacked proper validation of user permissions.

As a result, any authenticated user could invoke this endpoint without having the necessary permissions to manage or view the status of system jobs. This allowed any authenticated user to start the parent scan background job. No sensitive information was returned during this process.

The appropriate permissions are now required to invoke this endpoint, and this change is documented in the REST API documentation.
