On Wed, Feb 7, 2018 at 11:14 AM, Uvindra Dias Jayasinha <[email protected]> wrote:
> Hi All,
>
> It seems that currently we do not have a clear definition regarding
> what users can do with shared applications. This has been highlighted in [1]
> and the plan is to address this as part of the APIM 2.2.0 release.
>
> There are two types of users, the *App owner* who creates the App and the
> *shared user* who is able to view the App that is shared with them by the
> App owner.
>
> *Current issues*
> 1. Product allows shared users to attempt updating Apps that are not owned
> by them, which leads to errors because they do not have the required
> permissions.
>
> 2. Product allows shared users to delete Apps that are not owned by them,
> which violates the Application ownership concept.
>
> The plan to address this is as follows
>
> *Solution*
> 1. *App Owner*: Has ability to delete/update Apps owned by them.
>
> 2. *Shared user*: Has only Read only access to Apps shared with
> them (cannot delete/update).
> Deletion and updation of Apps will be restricted at API Store UI level.
> App ownership will be checked before performing App update/delete from
> server side in order to enforce this for REST API calls
>

Shared user needs to view, remove and add subscriptions too IMO.

>
> 3. *Admin shared user*: Has ability to delete/update Apps shared with
> them. The reason for this is to address practical issues that take place
> when the App owner leaves an organization and there needs to be some way to
> delete/update such an Application.
>

+1

>
>
> Please give your feedback on the above.
>
>
> [1] https://github.com/wso2/product-apim/issues/2690
> --
> Regards,
> Uvindra
>
> Mobile: 777733962
>

--
Nuwan Dias
Software Architect - WSO2, Inc. http://wso2.com
email : [email protected]
Phone : +94 777 775 729
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
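
The access rules proposed in this thread, sketched as a server-side check. This is an added example, not code from the thread or from WSO2 API Manager: the `User`/`App` models, `is_allowed`, `delete_app` and the `shared_can_manage_subscriptions` switch are hypothetical names, and sharing is assumed to work through common group membership.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    VIEW = "view"
    UPDATE = "update"
    DELETE = "delete"
    MANAGE_SUBSCRIPTIONS = "manage_subscriptions"


@dataclass(frozen=True)
class User:  # hypothetical model, built from the authenticated session
    name: str
    groups: frozenset = frozenset()
    is_admin: bool = False


@dataclass(frozen=True)
class App:  # hypothetical model, loaded from the server's own store
    owner: str
    shared_groups: frozenset = frozenset()


def is_allowed(user: User, app: App, action: Action,
               shared_can_manage_subscriptions: bool = False) -> bool:
    """Decide from stored ownership and sharing, never from request fields."""
    if user.name == app.owner:
        return True   # App owner: may update/delete their own App
    if not (user.groups & app.shared_groups):
        return False  # App is not shared with this user: deny everything
    if user.is_admin:
        return True   # Admin shared user: may update/delete shared Apps
    if action is Action.VIEW:
        return True   # Shared user: read-only access
    if action is Action.MANAGE_SUBSCRIPTIONS:
        return shared_can_manage_subscriptions  # raised in the reply, left open here
    return False      # Shared user: UPDATE and DELETE are refused


def delete_app(store: dict, caller: User, app_id: str) -> None:
    """REST-style handler: the check runs here even when the UI hides the button."""
    app = store[app_id]
    if not is_allowed(caller, app, Action.DELETE):
        raise PermissionError(f"{caller.name} may not delete {app_id}")
    del store[app_id]
```

An admin who is not in any group the App is shared with is denied here, following the wording "Apps shared with them" in point 3.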
