bernardodemarco commented on PR #13225: URL: https://github.com/apache/cloudstack/pull/13225#issuecomment-4564718087
> Dear @bernardodemarco , this is excellent! Hello, @daviftorres Thanks!!! > I saw in the recording that keys can be added and removed, and that the allow/deny rules are set when the key is created. Yes, exactly. Now it is possible for a user to have multiple API key pairs, each one of them with a specific permission scope and an optional validation period during which they remain active. During the creation of key pairs, it is optional to define their corresponding set of rule permissions. If a rule set is defined, the API key pair will only have access to APIs for which access has been explicitly granted (i.e., APIs whose corresponding rules are marked as allowed). On the other hand, if no rule set is specified, the API key pair permissions will follow and adapt to the permission set of the user's account role. > Is it possible to later add, remove, or modify the rules for an existing key, or do you need to create a new key each time you want to change the rules? No, it is currently not possible to update the rules of a specific key pair. The only edge-case for this is when the API key pair rule set is implicitly inferred from the user's account role (i.e., when no rules are explicitly defined for the API key pair). In these scenarios, if the user's account role permission set is changed, the corresponding key pair permissions will be adapted accordingly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
