Skip to content

Limit API access based on user role #15361

New issue
New issue
Closed
Closed
Limit API access based on user role#15361
Labels
aspect: securityAnything related to preventing vulnerabilitiescomponent: public-apiteam: webappIssue belongs to the WebApp teamtype: improvementImproves an existing feature or existing code
@gtsiolis

Description

@gtsiolis
gtsiolis
opened on Dec 15, 2022

Problem to solve

Following up from #15350 (comment), we should make sure that API access is matching the permissions to access resources like dashboard features available based on the user role. 🔍

Currently, we have two distinct roles for teams (OWNER, MEMBER), however, users may also have ADMIN flag that can be set through admin user settings.

It could be worth clearly defining across an instance so that it's easier to limit access in the product as well as API. 💡

Cc @easyCZ @svenefftinge

Metadata

Metadata

Assignees

No one assigned

    Labels

    aspect: securityAnything related to preventing vulnerabilitiescomponent: public-apiteam: webappIssue belongs to the WebApp teamtype: improvementImproves an existing feature or existing code

    Type

    No type

    Projects

    🍎 WebApp Team

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions