Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Allow restricting feeds to "userless" api keys



  • API Keys have the ability to emulate a user. This allows restricting the feeds that an API Key can connect to (very useful).

    I find I am submitting a lot of tickets to my System Admins to get network users made, just so I can make an API Key have limited permissions.

    In reality the user does not need to exist anywhere except logically in ProGet. The connection uses the API Key, which then uses the user's permissions in ProGet to restrict their permissions. The user's password is never used and the user is never logged in.

    I would like to request that a way be made that I could restrict an API Key to specific feeds without needing to create a user in my domain.

    One possible way of doing this is to make an option for the name of the Key to be a "user" on the permissions page. That way it can have permission restrictions.

    NOTE: I think this would be easier if I was not using active directory, as I could just make the user in Proget. But with active directory as my user provider, I cannot just add a user.


  • inedo-engineer

    Hi @Stephen-Schaff ,

    Yes, this can be a little bothersome. Actually this is something that we're considering for v6, to mostly replace the "impersonation" feature:

    • Allow on Feeds:
      • [feed1, feed2, «group1»]
    • Feed Permission:
      • View/Download
      • Publish/Push
      • Delete/Overwrite

    The "username" would still be there, but mostly for "personal api keys".

    Thanks,
    Alana


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation