Can shared users generate keys for the application? After first time if one user regenerate application access key then it will effect others as we revoke and generate application token. I think regenerate option and application access token visibility also should remove for above shared users. I think generate token with resource owner grant by non app owner may cause issues.
Thanks, sanjeewa. On Wed, Feb 7, 2018 at 11:57 AM, Uvindra Dias Jayasinha <[email protected]> wrote: > +1 Agreed with Nuwan about how subscriptions should be handled > > > Regarding the behavior of the Admin shared user, seems this is not > required because we already have an Admin REST API to change Application > ownership available in 2.2.0[1] as discussed in the mail thread[2]. This > addresses the requirement of what would happen if an App owner leaves the > organization. So we will only address the App Owner and Shared User > experience. > > [1]https://docs.wso2.com/display/AM2xx/apidocs/admin/#! > /operations#Application#applicationsApplicationIdChangeOwnerPost > [2][C4[]APIM] REST API for changing Owner of a Application > > On 7 February 2018 at 11:18, Nuwan Dias <[email protected]> wrote: > >> >> >> On Wed, Feb 7, 2018 at 11:14 AM, Uvindra Dias Jayasinha <[email protected] >> > wrote: >> >>> Hi All, >>> >>> It seems that currently we do not have a clear definition in regarding >>> what users can do with shared applications. This has been highlighted in[1] >>> and the plan is to address this as part of the APIM 2.2.0 release. >>> >>> There are two types of users, the *App owner* who creates the App and >>> the *shared user* who is able to view the App that is shared with them >>> by the App owner. >>> >>> *Current issues* >>> 1. Product allows shared users to attempt updating Apps that are not >>> owned by them, which leads to errors because they do not have the required >>> permissions. >>> >>> 2. Product allows shared users to delete Apps that are not owned by them >>> which violate the Application ownership concept. >>> >>> The plan to address this is as follows >>> >>> *Solution* >>> 1. *App Owner *: Has ability to delete/update Apps owned by them. >>> >>> 2. *Shared user*: Has only Read only access to Apps shared with >>> them(cannot delete/update). >>> Deletion and updation of Apps will be restricted at API Store UI level. >>> App ownership will be checked before performing App update/delete from >>> server side in order to enforce this for REST API calls >>> >> >> Shared user needs to view, remove and add subscriptions too IMO. >> >>> >>> 3 *Admin shared user* : Has ability to delete/update Apps shared with >>> them. The reason for this is to address practical issues that take place >>> when the App owner leaves an organization and there needs to be some way to >>> delete/update such an Application. >>> >> >> +1 >> >>> >>> >>> Please give your feedback on the above. >>> >>> >>> [1] https://github.com/wso2/product-apim/issues/2690 >>> -- >>> Regards, >>> Uvindra >>> >>> Mobile: 777733962 >>> >> >> >> >> -- >> Nuwan Dias >> >> Software Architect - WSO2, Inc. http://wso2.com >> email : [email protected] >> Phone : +94 777 775 729 <+94%2077%20777%205729> >> > > > > -- > Regards, > Uvindra > > Mobile: 777733962 > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
