Project

General

Profile

Actions

User story #5798

closed

Different access levels for API keys / REST API authorizations and rights

Added by Florian Heigl about 10 years ago. Updated almost 7 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
API
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

It would be very very helpful to assign permissions to API keys.

  • The most important piece would being able to create ones that only have readonly access.
  • use normal user levels
  • allow accepting nodes only
  • allow access depending on origin of the caller (localhost, trusted networks, ...)

One very heartwarming bonus would be to be allowed to skip validation / change requests for API based accesses (by token)
Audit log doesn't need to be skippable ;)


Related issues 4 (1 open3 closed)

Related to Rudder - User story #6193: Add a command to create api tokenRejectedActions
Related to Rudder - User story #8183: Add a more detailed status API with component statusNewVincent MEMBRÉActions
Related to Rudder - User story #10678: REST Api authorization management by rolesRejectedActions
Is duplicate of Rudder - User story #5627: Readonly API or otherwise restrictable API AccountsReleasedFrançois ARMANDActions
Actions #1

Updated by François ARMAND about 10 years ago

  • Assignee set to François ARMAND
  • Target version set to 3.0.0~beta1

Well, yes, of course.

The read only is a must have - no excuse for that.

The rights and change request things are nice, I will look about how to do that (in particular the one for validation skiping, it makes a lot of sense).

Actions #2

Updated by Jonathan CLARKE about 10 years ago

  • Target version changed from 3.0.0~beta1 to 3.1.0~beta1
Actions #3

Updated by Benoît PECCATTE almost 10 years ago

  • Description updated (diff)
Actions #4

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Actions #5

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0
Actions #8

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0 to 3.1.1
Actions #9

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.1 to 3.1.2
Actions #10

Updated by Jonathan CLARKE over 9 years ago

  • Target version changed from 3.1.2 to 3.2.0~beta1
Actions #11

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Actions #12

Updated by Benoît PECCATTE about 9 years ago

  • Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Actions #13

Updated by Benoît PECCATTE almost 9 years ago

  • Target version changed from 3.2.0~rc2 to 3.2.0
Actions #14

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.2.0 to 3.2.1
Actions #15

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.2.1 to 3.2.2
Actions #16

Updated by Alexis Mousset almost 9 years ago

  • Target version changed from 3.2.2 to 4.0.0~rc2
Actions #17

Updated by Janos Mattyasovszky over 8 years ago

  • Related to User story #8183: Add a more detailed status API with component status added
Actions #18

Updated by François ARMAND over 8 years ago

  • Related to User story #5627: Readonly API or otherwise restrictable API Accounts added
Actions #19

Updated by François ARMAND about 8 years ago

  • Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Actions #20

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 4.1.0~beta1 to 4.1.0~beta2
Actions #21

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 4.1.0~beta2 to 4.1.0~beta3
Actions #22

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 4.1.0~beta3 to 4.1.0~rc1
Actions #23

Updated by François ARMAND almost 8 years ago

  • Target version changed from 4.1.0~rc1 to 4.2.0~beta1
Actions #24

Updated by François ARMAND over 7 years ago

  • Subject changed from Different access levels for API keys to Different access levels for API keys / REST API authorizations and rights
Actions #25

Updated by François ARMAND over 7 years ago

Actions #26

Updated by Alexis Mousset over 7 years ago

  • Target version changed from 4.2.0~beta1 to 4.2.0~beta2
Actions #27

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.2.0~beta2 to 4.2.0~beta3
Actions #28

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.2.0~beta3 to 4.2.0~rc1
Actions #29

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.2.0~rc1 to 4.2.0~rc2
Actions #30

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.2.0~rc2 to 4.2.0
Actions #31

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.2.0 to 4.2.1
Actions #32

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.2.1 to 4.2.2
Actions #33

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.2.2 to 4.2.3
Actions #34

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.2.3 to 4.2.4
Actions #35

Updated by François ARMAND almost 7 years ago

  • Status changed from New to Rejected
  • Assignee deleted (François ARMAND)
  • Target version changed from 4.2.4 to 4.3.0~rc1

Now that #5627 is implemented, we can tell that that one is actually a duplicate :)

Actions #36

Updated by François ARMAND almost 7 years ago

  • Related to deleted (User story #5627: Readonly API or otherwise restrictable API Accounts)
Actions #37

Updated by François ARMAND almost 7 years ago

  • Is duplicate of User story #5627: Readonly API or otherwise restrictable API Accounts added
Actions

Also available in: Atom PDF