What are some of the functions that a read-only user scope would be able to
perform. I really like the idea of a read-only scope but it seems like today
there are only a few functions that aren't intended to modify the state of
the system or indirectly can allow for modification of the system (e.g. bosh
ssh/scp).

By far the biggest authorization requirement we get from our security teams
is being able to provide a level of "admin" access that can perform most
functions but can't access credentials and sensitive information. Simply
hooking in UAA obviously doesn't help with this as this is deeply related to
how deployment manifests work in general. But I mention it because this is
the type of authorization and access control requirements our security teams
are providing.



--
View this message in context: http://cf-bosh.70367.x6.nabble.com/cf-bosh-Resuming-UAA-work-tp75p116.html
Sent from the CF BOSH mailing list archive at Nabble.com.