Hi Malintha,

Yes, the better option is to create new permissions for DCR, rather than reusing already defined permissions. You can refer to [1] to see how the recently developed IS workflow component defined its permission model and its hierarchy.
[1] http://cdwijayarathna.blogspot.com/2016/01/permission-model-of-wso2-is-workflow.html

Thanks,

On Tue, Mar 1, 2016 at 6:20 AM, Malintha Amarasinghe <[email protected]> wrote:

> Hi All,
>
> Currently the Dynamic Client Registration (DCR) module in API Manager [1]
> allows creating OAuth applications irrespective of user permissions. That
> might lead to problems, as any user can directly create Apps which might be
> unusable and they can flood the system too.
>
> Currently in API Manager we have the following permissions defined.
>
> /permission/admin/manage/api/create
> /permission/admin/manage/api/publish
> /permission/admin/manage/api/subscribe
>
> We initially thought of letting a user create OAuth apps through DCR only
> if the user has any of the above permissions. But it then allows *ALL*
> creators/subscribers and publishers to create OAuth apps through DCR and we
> cannot restrict that.
>
> Hence, we are suggesting to use a new permission for creating an OAuth app
> using DCR. Then we can specifically choose which user can access DCR.
>
> Please share your thoughts.
>
> PS:
> As per [2], the current DCR module of API Manager will be moved as an IS
> component.
>
> Thanks,
> Malintha
>
> [1]
> https://github.com/wso2/carbon-apimgt/tree/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.dcr/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web
> [2] https://github.com/wso2/carbon-identity/pull/1712/files
>
> --
> Malintha Amarasinghe
> Software Engineer
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>

--
Regards,

*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
*E-mail: [email protected] <[email protected]>*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
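Added example, not part of the original thread and not WSO2 code: a small Java model comparing the two authorization policies discussed above, reusing any of the three existing API permissions versus requiring a dedicated DCR permission. The DCR permission path and the rule that a grant on a node covers its subtree are assumptions made for illustration.

```java
import java.util.*;

/** Added illustration of the two DCR authorization policies; not WSO2 code. */
public class DcrPermissionDemo {
    // Existing API Manager permissions quoted in the thread.
    static final List<String> EXISTING = List.of(
        "/permission/admin/manage/api/create",
        "/permission/admin/manage/api/publish",
        "/permission/admin/manage/api/subscribe");
    // Hypothetical dedicated permission; the thread does not name one.
    static final String DCR = "/permission/admin/manage/dcr/register";

    /** Assumed hierarchy rule: a grant on a node covers that node and its subtree. */
    static boolean has(Set<String> granted, String required) {
        for (String g : granted) {
            String prefix = g.endsWith("/") ? g : g + "/";
            if (required.equals(g) || required.startsWith(prefix)) return true;
        }
        return false;
    }

    /** Policy first considered: any existing API permission opens DCR. */
    static boolean reusePolicy(Set<String> granted) {
        return EXISTING.stream().anyMatch(p -> has(granted, p));
    }

    /** Policy proposed in the thread: only the dedicated permission opens DCR. */
    static boolean dedicatedPolicy(Set<String> granted) {
        return has(granted, DCR);
    }

    public static void main(String[] args) {
        // Constructed sample roles and their granted permission nodes.
        Map<String, Set<String>> roles = new LinkedHashMap<>();
        roles.put("subscriber", Set.of(EXISTING.get(2)));
        roles.put("creator", Set.of(EXISTING.get(0)));
        roles.put("dcr-client", Set.of(DCR));
        roles.put("admin", Set.of("/permission/admin"));
        roles.put("no-permissions", Set.of());
        for (var e : roles.entrySet()) {
            System.out.printf("%-15s reuse=%-5b dedicated=%b%n", e.getKey(),
                reusePolicy(e.getValue()), dedicatedPolicy(e.getValue()));
        }
    }
}
```

Under the reuse policy every subscriber and creator passes and a role meant only for DCR cannot be expressed; under the dedicated policy only roles granted the DCR node (or an ancestor of it) pass.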
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
