Introduce READ_TENANT_CONFIGURATION permission
avgustinmm opened this issue · 1 comments
avgustinmm commented
Currently, the tenant configuration access is all or nothing - you cannot have user permissions that allow only reading of the configuration without being able to modify it. This approach has the following disadvantages:
- Lack of permission granularity
- If you implement a UI via the REST API which depends on configuration values, you should grant TENANT_CONFIGURATION, which will also allow the user to change (potentially break) the tenant configuration.
So, the proposal is to introduce READ_TENANT_CONFIGURATION in order to allow read access which will make things more fluent.
Things that shall be taken into account:
- Gateway token shall be protected by special permission (as target security token)
- Current users having TENANT_CONFIGURATION shall be able to also read the tenant configuration. So TENANT_CONFIGURATION shall imply READ_TENANT_CONFIGURATION
avgustinmm commented
Introduced READ_TENANT_CONFIGURATION, needed to read tenant config (implied by TENANT_CONFIGURATION)
Introduced READ_GATEWAY_SEC_TOKEN which is needed in order to read gateway security token (implied by GATEWAY_SEC_TOKEN)
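
The implication rules described in this issue, sketched as an added example (not the project's own code): a permission set is expanded with everything it implies, and a configuration read leaves out the gateway token unless the caller also holds READ_GATEWAY_SEC_TOKEN. The permission names come from the issue; the function names, the config keys and the choice to omit the protected key rather than fail the read are assumptions.

```python
# Added example. Permission names are from the issue; all other names are hypothetical.
IMPLIES = {
    "TENANT_CONFIGURATION": {"READ_TENANT_CONFIGURATION"},
    "GATEWAY_SEC_TOKEN": {"READ_GATEWAY_SEC_TOKEN"},
}

# Constructed: config key -> extra permission needed to read its value.
PROTECTED_KEYS = {"gateway.security.token": "READ_GATEWAY_SEC_TOKEN"}

# Constructed sample tenant configuration.
SAMPLE_CONFIG = {
    "polling.interval": "00:05:00",
    "gateway.security.token": "constructed-sample-token",
}


def effective(granted):
    """Expand granted permissions with everything they imply, transitively."""
    result, stack = set(), list(granted)
    while stack:
        perm = stack.pop()
        if perm not in result:
            result.add(perm)
            stack.extend(IMPLIES.get(perm, ()))
    return result


def read_config(granted, config):
    """Return the values the caller may see; protected keys are left out."""
    perms = effective(granted)
    if "READ_TENANT_CONFIGURATION" not in perms:
        raise PermissionError("READ_TENANT_CONFIGURATION required")
    return {
        key: value
        for key, value in config.items()
        if PROTECTED_KEYS.get(key) is None or PROTECTED_KEYS[key] in perms
    }


def write_config(granted, config, key, value):
    """Modify a value; read-only permission is not enough.

    The issue does not say which permission guards writing the gateway
    token, so this sketch only checks TENANT_CONFIGURATION.
    """
    if "TENANT_CONFIGURATION" not in effective(granted):
        raise PermissionError("TENANT_CONFIGURATION required")
    config[key] = value
```
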