On Mon, May 8, 2017 at 3:42 PM, Ishara Cooray <[email protected]> wrote:
> > > *Motivation:* > Before c5, API Manager product REST APIs resources have pre defined scopes > and they cannot be changed. > > But what if an admin needs to give access to Create, Update, Delete > actions to different users? > if he can customize the scopes associated with each resource, then he will > be able to fine grain the access to each resource. > > > > *Design:*With C5, we thought of allowing admin users to add/change scopes > in product REST APIs to meet their fine grained requirements. > > At the moment we can think of two ways to do this. > > 1. *Allow to edit the scopes defined per resource * > In this case we can copy the swagger file into conf directory at build > time, so that it can be maintained as a usual configuration file. > > When server startup we can copy these swagger files to conf directory and refer it from there. Maintain separate file for mapping make things more complex IMO. Lets follow this for all swagger based APIs. Thanks, sanjeewa. > > 1. > 2. *Introduce a new config file to track resource to scope mapping.* > In this case the issue is resource to scope mapping will be duplicated. > > Appreciate your insight on this. > > > Thanks & Regards, > Ishara Cooray > Senior Software Engineer > Mobile : +9477 262 9512 <+94%2077%20262%209512> > WSO2, Inc. | http://wso2.com/ > Lean . Enterprise . Middleware > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
