Hi Tharika, On Mon, Jun 12, 2017 at 2:25 PM, Tharika Madurapperuma <[email protected]> wrote:
> Hi All, > > In APIM 3.0, we plan to have a feature for enabling Read, Update, > Delete permissions for an API based on roles in API Publisher. For user > validation purposes, we need to retrieve the list of roles for the loggedin > user. This role list is retrieved using the user's SCIM Id. But since the > admin user by default does not have an ID as per [1] and is not regarded as > a SCIM user, we wont be able to retrieve the list of roles for the admin. > > There are two possible options for making this work. > > *Option 1: *Either from APIM 3.0 side we should make a call to the > SCIM endpoint and update the admin user to have a SCIM ID as in [1], > preferably during startup or > I'm not sure how this will work. How do we update the user if that user doesn't have a SCIM ID? I also went through the thread you have mentioned. It seems like there is some communication in it. However, if you tried this already and it's working, then we can go with it. If not, I think we have only option 2. Thanks, Bhathiya > * Option 2: *We can make the admin user have an Id by default from SCIM > Implementation in IS. > > If we go with Option 1, it amounts to an additional call to the SCIM > endpoint to update the user and a question arises as to where we should be > updating it. The SCIM Id for the admin user is needed only in this scenario > for retrieving roles currently, hence updating the admin user during > startup is questionable. > > IMO Option 2 is preferrable because it will not result in an additional > update as in Option 1 above. > > WDYT? > > Will there be any plans to include this capability in IS 5.4.0? > > [1] [Dev] [IS] Admin/Tenant Admin Users cannot be filtered to get the > SCIM ID > > Thanks, > Tharika. > > -- > *Tharika Madurapperuma* > Software Engineer | WSO2, Inc. > > Email : [email protected] > Mobile : +94777875624 <077%20787%205624> > Web : http://wso2.com > > <http://wso2.com/signature> > -- *Bhathiya Jayasekara* *Associate Technical Lead,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
