  1. Red Hat 3scale API Management
  2. THREESCALE-1649

Extend the permission to access the Account Management API for Admin Portal member users


Details

      SaaS
      1. Log in to the Admin Portal using an Administrator account.
      2. Select a user in Account Settings --> Users --> Listing.
      3. Grant all permissions except for "Developer Accounts – Applications".
      4. Log in to the Admin Portal as the user account.
      5. Access: Account Settings --> Personal --> Tokens.
      6. Create a new "Read & Write" Access Token.
      7. "Account Management API" will not appear in the "Scopes" section.

      On-premises 2.3 or below
      1. Log in to the Admin Portal using an Administrator account.
      2. Select a user in Account & Personal Settings --> Account --> Users.
      3. Grant all permissions except for "Developer Accounts – Applications".
      4. Log in to the Admin Portal as the user account.
      5. Access: Account & Personal Settings --> Personal Settings --> Tokens.
      6. Create a new "Read & Write" Access Token.
      7. "Account Management API" will not appear in the "Scopes" section.


    Description

      This issue is not really ready to estimate. See "Dev note" below.

      Currently, only the "Developer Accounts – Applications" permission allows access to the Account Management API for an Admin Portal member user.

      We expect this access to be enabled with the other following permissions:

      • Developer portal
      • Settings
      • Integrations & Application plan

      Dev note
      This requires rethinking the way API endpoints are grouped within scopes and is therefore something that should be planned and discussed in the context of https://issues.jboss.org/browse/THREESCALE-3923.

      ==========================================

      Meanwhile, an estimate to have this issue fixed is based on the assumption that those member users can be given access to the entire scope, not just a subset of endpoints. Either way, Product amasferr needs to validate this, both the assumption and the proper expected behaviour for the permissions as a whole.

      Update 18 December, 2019: It is not clear what should happen here (see this comment). For now, I will return the label "needs definition" and reiterate that the entire permissions scheme needs to be well thought out instead of making piecemeal changes to something that is not working at a more global level.

          People

            Unassigned
            rhn-support-ekonecsn Estevao Konecsni