User story #5627
Readonly API or otherwise restrictable API Accounts
Currently it is possible to create different API Accounts for different tasks.
For outside interaction (other applications pulling data from Rudder) the API works, but the accessing application should not in all cases be permitted to make changes in Rudder.
One way to do this would be to have accounts that are restricted to, i.e., read-only access.
#1 Updated by François ARMAND over 3 years ago
A clearly valid use case!
Some more thought on it:
- do you want more than just read/write authorization granularity? For example, we may think that some configuration details are not at all public (port, passwords - even only hashes, etc.)
- as a first workaround, one can configure Rudder Apache to only accept the GET method on the API URL. As we really use verb semantics, GET === read-only (write is done with PUT or POST).
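The Apache workaround mentioned in the comment above could look like the following. This is an added example, not configuration taken from the ticket or from Rudder's packages; the `/rudder/api` path and the Apache 2.4 `Require` syntax are assumptions to adapt to the actual installation.

```apache
# Added example: make the API read-only at the web server level.
# Assumption: the API is served under /rudder/api (adjust to the real URL).
<Location "/rudder/api">
    # GET stays allowed; PUT, POST, DELETE and other write verbs
    # are refused with 403 before they reach the application.
    <LimitExcept GET>
        Require all denied
    </LimitExcept>
</Location>
```

This restriction applies to every API account that goes through this virtual host, so it does not give per-account read-only access, and it does not hide sensitive fields returned by GET requests.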
#6 Updated by François ARMAND 7 months ago
Work in progress here: https://github.com/fanf/rudder/commit/601856f3a8879a9d073b1acc0f30e2bdfaf0f3e8
#7 Updated by François ARMAND 6 months ago
Work in progress here: https://github.com/fanf/rudder/commit/8dd3e90436d2bbf4149e11960d63bbf68e9cf4e8
#8 Updated by François ARMAND 6 months ago
Work in progress here: https://github.com/fanf/rudder/commit/798ab413c2d479a3238035b6f5dbbde4ef3e33f4
#9 Updated by François ARMAND 6 months ago
Work in progress here: https://github.com/fanf/rudder/commit/8151b7647c51ce28e01046770a2804b0b65ebf62
#10 Updated by François ARMAND 6 months ago
Work in progress here: https://github.com/fanf/rudder/commit/2b73fc8c357aea732d4ba9fbc80e8b7469562162