operation-security-overrides-root-security
Overview
This rule belongs to the openapi-v3-standards-linting ruleset and states that:
If security mechanisms are declared for an operation using the `security` property, they override any security applied at the top level, i.e. in the OpenAPI Object. To remove a top-level security declaration for an operation, an empty array can be used.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Information |
| Message | Operation Object level security overrides the security applied at top level. |
| Code | OPENAPI3STANDARDS_L041 |
| Type | Linting |
| Rule System | Semantic |
| Broad Category | Operations |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic linting security operation |
Suggested Fixes
- If you do not intend to override the global security applied to all operations, remove the Operation Object level `security` property definition.
- To remove a top-level security declaration for an operation, declare `security` as an empty array.
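The override behaviour this rule reports can be audited across a whole document by computing each operation's effective security. The following is an added example, not APIMatic's implementation of the rule; the sample document, its paths and scheme names, and the `audit_security` helper are constructed for illustration.

```python
# Added example: not APIMatic's implementation of OPENAPI3STANDARDS_L041.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample document (paths and scheme names are illustrative).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"ApiKeyAuth": []}],
    "paths": {
        "/orders": {
            "get": {"responses": {}},  # no security key: inherits the root
            "post": {"security": [{"OAuth2": ["orders:write"]}], "responses": {}},
        },
        "/health": {
            "get": {"security": [], "responses": {}},  # empty array: removes root
        },
    },
}

def audit_security(spec):
    """Return one finding per operation with its effective security requirements."""
    root = spec.get("security", [])
    findings = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip parameters, summary, $ref and other non-operation keys
            if "security" not in op:
                status, effective = "inherits-root", root
            elif op["security"] == []:
                status, effective = "removes-root", []
            else:
                status, effective = "overrides-root", op["security"]
            # Per the OpenAPI spec, an empty requirement object ({}) in the
            # list makes security optional, so the operation accepts anonymous calls.
            anonymous = effective == [] or any(req == {} for req in effective)
            findings.append({"operation": f"{method.upper()} {path}", "status": status,
                             "effective": effective, "anonymous": anonymous})
    return findings

if __name__ == "__main__":
    for f in audit_security(SAMPLE_SPEC):
        print(f"{f['operation']:<14} {f['status']:<15} "
              f"anonymous={f['anonymous']} {f['effective']}")
```

Operations reported as `overrides-root` replace the root requirement rather than adding to it, and those reported as `anonymous` are reachable without credentials, so both are worth confirming against the intended access policy.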
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#operation-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#openapi-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#operation-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md
- https://docs.apimatic.io/rulesets/overview/