Description
Steps to Reproduce
-
Create a new Outbound SOAP Message, using the WSDL for any table in the instance that contains records
-
Create a user or use an existing user who does not have authorization to READ from this table.
-
Edit the GetRecords function on the SOAP Message and set Basic Auth Profile as the unauthorized user.
-
Edit the GetRecords function on the SOAP Message and remove any <!--Optional:--> items, so that the <sys:getRecords> element exists with empty data
-
Execute the GetRecords function.
Note the 200 response code and empty response body.
Workaround
Using SOAP, there is no workaround available to obtain a 403 Forbidden error instead of the 200 response that is currently being returned. However, the equivalent REST endpoint will yield a 403 Forbidden error.
Related Problem: PRB711215