Ability to create read only access tokens (OD-1985)
Closed
Simeon L. opened 2 weeks ago

This is linked to OD-1984, we would love to have a way to create an access token that can be used to read from the API but not write to it. Having to use the "Has Owner Permissions" flag is a huge security risk.

jbauer commented 2 weeks ago

I think you can do that. First create a read-only role. Then you need to decide if you want to create a new user, e.g. api-user, or use an existing user for your access token. If you create a new api-user then just assign the read-only role for that user and later use "Has Owner Permissions" in the access token configuration. If you use an existing, real user then do not select "Has Owner Permissions" in the access token configuration screen but instead select the read-only role in the authorized projects table.

If you organize your projects under a common top-level project, e.g. my-company, then the configuration is for all sub-projects.

So you could for example have a user Simeon with general admin privileges and with an access token. That access token has authorized projects set to "my-company" and role "read-only" and "Has Owner Permissions" is turned off.

Robin Shen commented 2 weeks ago

This is linked to OD-1984, we would love to have a way to create an access token that can be used to read from the API but not write to it. Having to use the "Has Owner Permissions" flag is a huge security risk.

I guess you want to generate an access token that only has read permission for the agents endpoint? If so, the agent endpoint is designed to be accessible only by administrators, like many other system-level settings, and read-only access for these settings will not be supported.

Robin Shen changed state to 'Closed' 1 week ago
Previous value: Open. Current value: Closed.
Type: Improvement
Priority: Normal