Feature #9262
Updated by Peter Amstutz over 8 years ago
From an IRC brainstorm:
Best practice is for admin users not to have full admin rights at all times, to avoid mistakes; however, creating separate admin/non-admin accounts is confusing and inconvenient.
Proposed solution: associate primary admin rights with the API token instead of the user account. When the API server checks if the current user is an admin, it checks the token, not the user account.
In normal usage, the user is granted a "regular" token and regular user access control applies. However, the "admin" flag on the user account grants the ability to issue admin tokens with the admin flag.
Workbench gains "log in admin" and "log out admin" options, which switch between admin/non-admin user tokens for the same account.
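
A minimal model of the proposed check, added here as an illustration and not Arvados code: `User`, `Token`, `issue_token`, `admin_request?`, `log_in_admin`, `log_out_admin` and `delete_user!` are hypothetical names. It goes one step beyond the proposal by also requiring the account's admin flag at check time, an assumption made so that clearing that flag disables admin tokens already issued.

```ruby
require 'securerandom'

# Hypothetical stand-ins for the API server's user and token records.
User  = Struct.new(:name, :is_admin)
Token = Struct.new(:secret, :user, :admin)

class PermissionDenied < StandardError; end

# Issue a token for a user. A token carrying the admin flag can only be
# minted for an account whose own admin flag is set.
def issue_token(user, admin: false)
  if admin && !user.is_admin
    raise PermissionDenied, "#{user.name} may not issue admin tokens"
  end
  Token.new(SecureRandom.hex(20), user, admin)
end

# The admin check looks at the presented token rather than only the account.
# Assumption added here: the account flag is re-checked as well, so an admin
# token stops working once the account loses its admin flag.
def admin_request?(token)
  token.admin && token.user.is_admin
end

# Workbench-style switches: replace the session token with one of the other
# kind for the same account.
def log_in_admin(session)
  session[:token] = issue_token(session[:token].user, admin: true)
end

def log_out_admin(session)
  session[:token] = issue_token(session[:token].user, admin: false)
end

# Example of an operation gated on the token-level check.
def delete_user!(token, target)
  raise PermissionDenied, 'admin token required' unless admin_request?(token)
  "deleted #{target}"
end
```
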