On Wed, Aug 17, 2016 at 12:09 AM, Bhathiya Jayasekara <[email protected]> wrote:
> Hi, > > On Tue, Aug 16, 2016 at 10:31 PM, Harsha Kumara <[email protected]> wrote: > >> >> We can use a role base model to control the visibility of defined >> endpoints. >> > > But this will be challenging since we don't have a role based access > control for APIs in publisher. Actually it does not make sense to have such > an access control only for endpoints when APIs are open to all. For > example, say endpoint E1 is visible only to Role1, and Role2 can't see > that. If someone with Role1 creates an API with E1, all users in Role2 also > can see that API, which means they can/should see E1 too. So IMO, first we > have to come to a decision whether we implement roles base API visibility > in publisher or not. Then we can decide how to implement visibility for > endpoints. > > Yes, currently anyone can see the APIs in publisher able to look at the defined endpoints in implementation phase. Since we only giving option of selecting the endpoint name only, user who don't have the required role only see the name of it. But again it's not consistent. If we going to support the endpoint visibility based on a scheme such as role based, we may need to look at the API visibility in publisher as well. Thanks, > Bhathiya > > >> >> >>> Thanks, >>> sanjeewa. >>> >>>> [1] - http://wso2.com/library/articles/2016/03/article-architect >>>>> ing-a-multi-environment-api-manager-deployment-with-wso2-api-manager/ >>>>> >>>>> Thanks, >>>>> Harsha >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Harsha Kumara >>>>> Software Engineer, WSO2 Inc. >>>>> Mobile: +94775505618 >>>>> Blog:harshcreationz.blogspot.com >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>> >>> >>> -- >>> >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +94713068779 >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/ >>> <http://sanjeewamalalgoda.blogspot.com/> >>> >>> >>> >> >> >> -- >> Harsha Kumara >> Software Engineer, WSO2 Inc. >> Mobile: +94775505618 >> Blog:harshcreationz.blogspot.com >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Bhathiya Jayasekara* > *Senior Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <%2B94715478185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > -- Harsha Kumara Software Engineer, WSO2 Inc. Mobile: +94775505618 Blog:harshcreationz.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
