Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2018/06/29 14:05:04 UTC

[GitHub] mitchell852 opened a new issue #2488: Create a capability that can be used to secure API values

mitchell852 opened a new issue #2488: Create a capability that can be used to secure API values
URL: https://github.com/apache/trafficcontrol/issues/2488
 
 
   We have some endpoints that contain secure values. For example:
   
   GET /api/parameters
   
   Currently, if you are an admin (priv level=30), then the values for "secure" parameters will be returned. If you are not an admin, the value will be replaced with '**********'.
   
   As we move towards capability-based permissions (as opposed to priv_level based), we will need to key off of a capability (instead of a role) to determine whether to show or hide the value of secure parameters.
   
   One suggestion was to create a capability called "secure-read" or something along those lines. The presence of this capability would allow you to see the value of "secure" parameters.
   
   So for example,
   
   To access GET /api/parameters and see the value of secure and non-secure parameters, you'd need the following capabilities:
   
   params-read
   secure-read
   
   To access GET /api/parameters and see the value of ONLY non-secure parameters, you'd need the following capabilities:
   
   params-read

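
The capability check proposed in the issue above, sketched in Go as an added example (not part of the original issue and not Traffic Control's own code). The `Parameter` type, the `VisibleParameters` function and the sample data are hypothetical; the capability names and the mask string are the ones quoted in the issue.

```go
package main

import (
	"errors"
	"fmt"
)

// Capability names taken from the issue; "secure-read" is only a suggestion there.
const (
	CapParamsRead = "params-read"
	CapSecureRead = "secure-read"
	maskedValue   = "**********"
)

// Parameter is a simplified, hypothetical stand-in for a Traffic Ops parameter.
type Parameter struct {
	Name   string
	Value  string
	Secure bool
}

var ErrForbidden = errors.New("forbidden: missing capability " + CapParamsRead)

// VisibleParameters returns what GET /api/parameters would show a caller holding caps.
// It fails closed: secure-read alone grants nothing, and the input slice is never modified.
func VisibleParameters(caps map[string]bool, params []Parameter) ([]Parameter, error) {
	if !caps[CapParamsRead] {
		return nil, ErrForbidden
	}
	out := make([]Parameter, len(params))
	copy(out, params) // mask a copy so shared or cached data keeps its real values
	for i := range out {
		if out[i].Secure && !caps[CapSecureRead] {
			out[i].Value = maskedValue
		}
	}
	return out, nil
}

func main() {
	// Constructed sample data, not real Traffic Ops parameters.
	params := []Parameter{
		{Name: "example.url", Value: "https://to.example.invalid", Secure: false},
		{Name: "example.password", Value: "s3cr3t", Secure: true},
	}
	for _, caps := range []map[string]bool{{CapParamsRead: true, CapSecureRead: true}, {CapParamsRead: true}, {CapSecureRead: true}} {
		got, err := VisibleParameters(caps, params)
		fmt.Println(got, err)
	}
}
```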