Usage retrieval authorization was: Re: [abacus] Usage submission authorization
Piotr Przybylski <piotrp@...>
toggle quoted messageShow quoted text
Does the user who would like to see their usage (e.g. services in the organization they own) need to have 'abacus.usage.read' scope as discussed below?
-----Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS wrote: -----
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev@...>
From: Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS
Date: 10/15/2015 10:20PM
Subject: [cf-dev] Re: Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization
> what will be the scope for securing internal Abacus pipeline that Assk describes as system token ?
It is 'abacus.usage.write'.
Updated my previous statements to make it more specific:
We have enabled scope based authorization for REST endpoints at usage collector and usage reporting service. While we are working on using system OAuth bearer access token at internal Abacus pipeline, Submitting usage to a secured Abacus needs a OAuth bearer access token with 'abacus.usage.write' system scope in addition to the resource provider specific scope(s) - 'abacus.usage.<resource_id>.write'.
Saravanakumar Srinivasan (Assk),
-----Piotr Przybylski/Burlingame/IBM@IBMUS wrote: -----
From: Piotr Przybylski/Burlingame/IBM@IBMUS
Date: 10/15/2015 09:50PM
Subject: [cf-dev] Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization
Makes sense, and just to complete - what will be the scope for securing internal Abacus pipeline that Assk describes as system token ?
----- Original message -----