rob05c edited a comment on issue #2978: /api/1.x/deliveryserviceserver in Perl used to respect tenancy, but in Go doesn't URL: https://github.com/apache/trafficcontrol/issues/2978#issuecomment-434846004 This is a bit borderline, whether it should be controlled by Tenancy. Tenancy only applies to Delivery Services. I can’t imagine someone having permission to servers, but not all delivery services, as an operator. Really, only an admin/operator should have the Capability for `/deliveryserviceserver` at all. The right solution for a CDN operator, is to control access to this endpoint via Capabilities, not Tenancy. I think I agree, we should add Tenancy there, in case someone is trying to use Tenancy that way, we should at least try to make it work as much as possible. With the caveat that anyone trying to do things, like allow users to view Servers but not certain Delivery Services, are going to run into limitations of the design, and should be aware of that, and should _definitely_ double-check themselves that the user can only access what they want the user to access. We should consider putting that in the documentation about Tenancy, Roles, and Capabilities.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
