Project

General

Profile

Feature #9262

Updated by Peter Amstutz over 8 years ago

From an IRC brainstorm: 

 Best practices is for admin users to not have full admin rights at all times to avoid mistakes, however creating separate admin/non-admin is confusing and inconvenient. 

 Proposed solution: associate primary admin rights with API token instead of the user account;.    When API server checks if current user is an admin, it checks the token, not the user account. 

 In normal usage, the user is granted a "regular" token and regular user access control applies.    However, the "admin" flag on the user account grants the ability to issue admin tokens with the admin flag. 

 Workbench gains a "log in admin" and "log out admin" options which switch between admin/non-admin user tokens for the same account. 

Back