Hi, Can we promote a "shared user" to "admin shared user" (and vise versa)? Is it supported in this feature?
Thanks. On Tue, Feb 13, 2018 at 3:51 PM, Harsha Kumara <hars...@wso2.com> wrote: > @Sanjeewa, Uvindra can we actually prevent it? Basically we can hide it > from UI. But since he know the consumer key and secret, he can simply > revoke and regenerate the token. > > On Thu, Feb 8, 2018 at 2:57 PM, Uvindra Dias Jayasinha <uvin...@wso2.com> > wrote: > >> Yes we can safely prevent shared users from regenerating access tokens of >> Apps that they are not owners of. This ideally shouldnt be an issue since >> Apps should have provision to regenerate a token if required. >> >> On 8 February 2018 at 14:23, Sanjeewa Malalgoda <sanje...@wso2.com> >> wrote: >> >>> Can shared users generate keys for the application? After first time if >>> one user regenerate application access key then it will effect others as we >>> revoke and generate application token. >>> I think regenerate option and application access token visibility also >>> should remove for above shared users. I think generate token with resource >>> owner grant by non app owner may cause issues. >>> >>> Thanks, >>> sanjeewa. >>> >>> On Wed, Feb 7, 2018 at 11:57 AM, Uvindra Dias Jayasinha < >>> uvin...@wso2.com> wrote: >>> >>>> +1 Agreed with Nuwan about how subscriptions should be handled >>>> >>>> >>>> Regarding the behavior of the Admin shared user, seems this is not >>>> required because we already have an Admin REST API to change Application >>>> ownership available in 2.2.0[1] as discussed in the mail thread[2]. This >>>> addresses the requirement of what would happen if an App owner leaves the >>>> organization. So we will only address the App Owner and Shared User >>>> experience. >>>> >>>> [1]https://docs.wso2.com/display/AM2xx/apidocs/admin/#!/oper >>>> ations#Application#applicationsApplicationIdChangeOwnerPost >>>> [2][C4[]APIM] REST API for changing Owner of a Application >>>> >>>> On 7 February 2018 at 11:18, Nuwan Dias <nuw...@wso2.com> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Feb 7, 2018 at 11:14 AM, Uvindra Dias Jayasinha < >>>>> uvin...@wso2.com> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> It seems that currently we do not have a clear definition in >>>>>> regarding what users can do with shared applications. This has been >>>>>> highlighted in[1] and the plan is to address this as part of the APIM >>>>>> 2.2.0 >>>>>> release. >>>>>> >>>>>> There are two types of users, the *App owner* who creates the App >>>>>> and the *shared user* who is able to view the App that is shared >>>>>> with them by the App owner. >>>>>> >>>>>> *Current issues* >>>>>> 1. Product allows shared users to attempt updating Apps that are not >>>>>> owned by them, which leads to errors because they do not have the >>>>>> required >>>>>> permissions. >>>>>> >>>>>> 2. Product allows shared users to delete Apps that are not owned by >>>>>> them which violate the Application ownership concept. >>>>>> >>>>>> The plan to address this is as follows >>>>>> >>>>>> *Solution* >>>>>> 1. *App Owner *: Has ability to delete/update Apps owned by them. >>>>>> >>>>>> 2. *Shared user*: Has only Read only access to Apps shared with >>>>>> them(cannot delete/update). >>>>>> Deletion and updation of Apps will be restricted at API Store UI >>>>>> level. App ownership will be checked before performing App >>>>>> update/delete >>>>>> from server side in order to enforce this for REST API calls >>>>>> >>>>> >>>>> Shared user needs to view, remove and add subscriptions too IMO. >>>>> >>>>>> >>>>>> 3 *Admin shared user* : Has ability to delete/update Apps shared >>>>>> with them. The reason for this is to address practical issues that take >>>>>> place when the App owner leaves an organization and there needs to be >>>>>> some >>>>>> way to delete/update such an Application. >>>>>> >>>>> >>>>> +1 >>>>> >>>>>> >>>>>> >>>>>> Please give your feedback on the above. >>>>>> >>>>>> >>>>>> [1] https://github.com/wso2/product-apim/issues/2690 >>>>>> -- >>>>>> Regards, >>>>>> Uvindra >>>>>> >>>>>> Mobile: 777733962 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Nuwan Dias >>>>> >>>>> Software Architect - WSO2, Inc. http://wso2.com >>>>> email : nuw...@wso2.com >>>>> Phone : +94 777 775 729 <+94%2077%20777%205729> >>>>> >>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Uvindra >>>> >>>> Mobile: 777733962 >>>> >>> >>> >>> >>> -- >>> >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +94713068779 <+94%2071%20306%208779> >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/ >>> <http://sanjeewamalalgoda.blogspot.com/> >>> >>> >>> >> >> >> -- >> Regards, >> Uvindra >> >> Mobile: 777733962 >> > > > > -- > Harsha Kumara > Software Engineer, WSO2 Inc. > Mobile: +94775505618 <+94%2077%20550%205618> > Blog:harshcreationz.blogspot.com > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Chamin Dias Mobile : 0716097455 Email : cham...@wso2.com LinkedIn : https://www.linkedin.com/in/chamindias
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
