[management-api] Fine-grained rights management #180
In order to be smoother on user rights management, what do you think about managing Group API permissions instead of managing them one by one?
Here are some explanations:
Considering we have several APIs
I expect to group several APIs into groups
Now I want to create a role which will be composed of permissions:
E-commerce API consumer role giving access to:
E-commerce API admin role giving access to:
Please note that if an API is public, it must be considered as viewable by everyone. So the view permission makes sense only for private APIs.
Now we just need to give roles to our users
Creating custom roles is definitely a good idea. The permissions system has been developed to allow that.
Another approach would be to manage access like Bitbucket:
You add the group Ecommerce Api consumers with role API consumer on each ECommerce API
This way, I think we could easily create a global API Admins, API consumers without having to group your APIs.
I think that's a better way to manage it.
We manage groups of users and give roles to groups.
So to sum up:
How do you expect to manage the ADMIN group?
Yes, the default checkbox is needed to ease management of APIs.
I was playing with my Synology NAS, and I looked at how rights were managed.
Note that there are several tabs to manage different kinds of rights.
Note that the user rights management screens are the same as the group...
Finally we can imagine the same thing, creating a group "E-commerce" and having a tab:
This means managing permissions by usergroup?
I think a usergroup must be associated with a role on each API (and a default role).
And that's all. In the member section of API and application, you could search for groups and users, and override their default role.