Hi All,

   In APIM 3.0, we plan to have a feature for enabling Read, Update, Delete
permissions for an API based on roles in API Publisher. For user validation
purposes, we need to retrieve the list of roles for the logged-in user. This
role list is retrieved using the user's SCIM Id. But since the admin user
by default does not have an ID as per [1] and is not regarded as a SCIM
user, we won't be able to retrieve the list of roles for the admin.

   There are two possible options for making this work.

   *Option 1:* Either from APIM 3.0 side we should make a call to the SCIM
endpoint and update the admin user to have a SCIM ID as in [1], preferably
during startup or
   *Option 2:* We can make the admin user have an Id by default from SCIM
Implementation in IS.

   If we go with Option 1, it amounts to an additional call to the SCIM
endpoint to update the user and a question arises as to where we should be
updating it. The SCIM Id for the admin user is needed only in this scenario
for retrieving roles currently, hence updating the admin user during
startup is questionable.

   IMO Option 2 is preferable because it will not result in an additional
update as in Option 1 above.

   WDYT?

   Will there be any plans to include this capability in IS 5.4.0?

   [1] [Dev] [IS] Admin/Tenant Admin Users cannot be filtered to get the
SCIM ID

Thanks,
Tharika.

-- 
*Tharika Madurapperuma*
Software Engineer | WSO2, Inc.

Email : thar...@wso2.com
Mobile : +94777875624
Web : http://wso2.com

<http://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
