Several questions regarding the "registerUserKeys" API: 1. Only the ROOT admin have access to it. In a public cloud, it does not make sense for the ROOT admin to create keys for every user in every domain. The responsibility should go to domain admins. Is there a plan to give domain admin access to the API? 2. The API simply takes user id as parameter. It does not take into account whether the user already has a key or not. User's key will be overwritten if he/she already has one. Should we change the API a little bit to take this into account? 3. You can actually generate key for the internal "system" user (with id=0). It might cause some issues if "system" is meant to be an internal user only. Is there a valid use case for system user to use its API key? If not, it should be blocked.
Thanks. - Ming
