Hi, 
 
Not sure if tired or just in a "wtf" moment.
 
- Using Magento 2 Cloud Enterprise
- Create a User test + an associated Role
- Tick only "orders" for this role / user
- Limit this role to a specific website (website1.com)
 
Connecting via API, using "test" credentials, allows user "test" to fetch ALL orders (whatever the website).
 
Am I missing something here?