I've updated https://github.com/cloudfoundry/bosh-notes/blob/master/uaa.md
to list out planned viewable resources by read-only users.
By far the biggest authorization requirement we get from our security
teams is being able to provide a level of "admin" access that can perform
most functions but can't access credentials and sensitive information.
What kind of "admin" access do you think should be provided?
On Wed, Jun 3, 2015 at 8:07 AM, dehringer <david.ehringer(a)gmail.com> wrote:
What are some of the functions that a read-only user scope would be able to
perform. I really like the idea of a read-only scope but it seems like
there are only a few functions that aren't intended to modify the state of
the system or indirectly can allow for modification of the system (e.g.
By far the biggest authorization requirement we get from our security teams
is being able to provide a level of "admin" access that can perform most
functions but can't access credentials and sensitive information. Simply
hooking in UAA obviously doesn't help with this as this is deeply related
how deployment manifests work in general. But I mention it because this is
the type of authorization and access control requirements our security
View this message in context:
Sent from the CF BOSH mailing list archive at Nabble.com.
cf-bosh mailing list