Security for the Add-on feature

By default, the Add-on service is installed without security, meaning that any user can perform any operation using the user interface or API. While this may be acceptable in a development environment, in a production environment, SDL strongly recommends that you restrict access to the service. The Add-on service can be accessed by users with different roles, to provide varying levels of access.