More fine granular OpsManger roles for API CRUD operations
More fine granular OpsManger roles for API CRUD operations
In order to generate API Keys users need some pretty powerful role https://docs.opsmanager.mongodb.com/current/reference/api/org-api-keys/. Same for project API Keys https://docs.opsmanager.mongodb.com/current/reference/api/project-api-keys/.
Our understanding is that user who can create api keys could also self promote themselves to super admins which is something we don't want and would be a security concern to us. (And admins normally have access to far more things than just user mgmt)
Additionally it would be beneficial to pass in an desired api key - e.g. for initial provisioning and give admins the chance to reset/rotate an API Key.
This would boil down two these two request for enhancements:
- As a user who's logged into Ops Manager, I can generate an API token for myself without having project admin rights
- As an Ops Manager Admin user, I can pass in a username and desired api key into the OpsManager API
Sven
shared this idea