On 13 February 2018 at 18:02, Chamin Dias <cham...@wso2.com> wrote:

> Hi,
>
> Can we promote a "shared user" to "admin shared user" (and vise versa)? Is
> it supported in this feature?
>
> Thanks.
>
>
 @Chamin, there is no such thing as an admin shrared user. We do have a
facility of changing the owner of an application though[1]

[1] https://docs.wso2.com/display/AM2xx/apidocs/admin/#!
/operations#Application#applicationsApplicationIdChangeOwnerPost


>
> On Tue, Feb 13, 2018 at 3:51 PM, Harsha Kumara <hars...@wso2.com> wrote:
>
>> @Sanjeewa, Uvindra can we actually prevent it? Basically we can hide it
>> from UI. But since he know the consumer key and secret, he can simply
>> revoke and regenerate the token.
>>
>> On Thu, Feb 8, 2018 at 2:57 PM, Uvindra Dias Jayasinha <uvin...@wso2.com>
>> wrote:
>>
>>> Yes we can safely prevent shared users from regenerating access tokens
>>> of Apps that they are not owners of. This ideally shouldnt be an issue
>>> since Apps should have provision to regenerate a token if required.
>>>
>>> On 8 February 2018 at 14:23, Sanjeewa Malalgoda <sanje...@wso2.com>
>>> wrote:
>>>
>>>> Can shared users generate keys for the application? After first time if
>>>> one user regenerate application access key then it will effect others as we
>>>> revoke and generate application token.
>>>> I think regenerate option and application access token visibility also
>>>> should remove for above shared users. I think generate token with resource
>>>> owner grant by non app owner may cause issues.
>>>>
>>>> Thanks,
>>>> sanjeewa.
>>>>
>>>> On Wed, Feb 7, 2018 at 11:57 AM, Uvindra Dias Jayasinha <
>>>> uvin...@wso2.com> wrote:
>>>>
>>>>> +1 Agreed with Nuwan about how subscriptions should be handled
>>>>>
>>>>>
>>>>> Regarding the behavior of the Admin shared user, seems this is not
>>>>> required because we already have an Admin REST API to change Application
>>>>> ownership available in 2.2.0[1] as discussed in the mail thread[2]. This
>>>>> addresses the requirement of what would happen if an App owner leaves the
>>>>> organization. So we will only address the App Owner and Shared User
>>>>> experience.
>>>>>
>>>>> [1]https://docs.wso2.com/display/AM2xx/apidocs/admin/#!/oper
>>>>> ations#Application#applicationsApplicationIdChangeOwnerPost
>>>>> [2][C4[]APIM] REST API for changing Owner of a Application
>>>>>
>>>>> On 7 February 2018 at 11:18, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Feb 7, 2018 at 11:14 AM, Uvindra Dias Jayasinha <
>>>>>> uvin...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> It seems that currently we do not have a clear definition in
>>>>>>> regarding what users can do with shared applications. This has been
>>>>>>> highlighted in[1] and the plan is to address this as part of the APIM 
>>>>>>> 2.2.0
>>>>>>> release.
>>>>>>>
>>>>>>> There are two types of users, the *App owner* who creates the App
>>>>>>> and the *shared user* who is able to view the App that is shared
>>>>>>> with them by the App owner.
>>>>>>>
>>>>>>> *Current issues*
>>>>>>> 1. Product allows shared users to attempt updating Apps that are not
>>>>>>> owned by them, which leads to errors because they do not have the 
>>>>>>> required
>>>>>>> permissions.
>>>>>>>
>>>>>>> 2. Product allows shared users to delete Apps that are not owned by
>>>>>>> them which violate the Application ownership concept.
>>>>>>>
>>>>>>> The plan to address this is as follows
>>>>>>>
>>>>>>> *Solution*
>>>>>>> 1. *App Owner *: Has ability to delete/update Apps owned by them.
>>>>>>>
>>>>>>> 2. *Shared user*: Has only Read only access to Apps shared with
>>>>>>> them(cannot delete/update).
>>>>>>> Deletion and updation of Apps will be restricted at API Store UI
>>>>>>> level. App ownership will be   checked before performing App 
>>>>>>> update/delete
>>>>>>> from server side in  order to   enforce this for REST API calls
>>>>>>>
>>>>>>
>>>>>> Shared user needs to view, remove and add subscriptions too IMO.
>>>>>>
>>>>>>>
>>>>>>> 3 *Admin shared user* : Has ability to delete/update Apps shared
>>>>>>> with them. The reason for this is to address practical issues that take
>>>>>>> place when the App owner leaves an organization and there needs to be 
>>>>>>> some
>>>>>>> way to delete/update such an Application.
>>>>>>>
>>>>>>
>>>>>> +1
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Please give your feedback on the above.
>>>>>>>
>>>>>>>
>>>>>>> [1] https://github.com/wso2/product-apim/issues/2690
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Uvindra
>>>>>>>
>>>>>>> Mobile: 777733962
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Nuwan Dias
>>>>>>
>>>>>> Software Architect - WSO2, Inc. http://wso2.com
>>>>>> email : nuw...@wso2.com
>>>>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Uvindra
>>>>>
>>>>> Mobile: 777733962
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Sanjeewa Malalgoda*
>>>> WSO2 Inc.
>>>> Mobile : +94713068779 <+94%2071%20306%208779>
>>>>
>>>> <http://sanjeewamalalgoda.blogspot.com/>blog
>>>> :http://sanjeewamalalgoda.blogspot.com/
>>>> <http://sanjeewamalalgoda.blogspot.com/>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Uvindra
>>>
>>> Mobile: 777733962
>>>
>>
>>
>>
>> --
>> Harsha Kumara
>> Software Engineer, WSO2 Inc.
>> Mobile: +94775505618 <+94%2077%20550%205618>
>> Blog:harshcreationz.blogspot.com
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Chamin Dias
> Mobile : 0716097455
> Email : cham...@wso2.com
> LinkedIn : https://www.linkedin.com/in/chamindias
>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Regards,
Uvindra

Mobile: 777733962
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to