Reply
Highlighted
Accepted Solution

Restrict Access down to Record Level using API

JRuzicka
Techie
Posts: 10
2172     0

Looking for a way to limit an API user to be able to create DNS records and then only be able to modify the records they created.  I can see that after a record is created manually you can then restrict a user account to only have RW access to that record, but want the user to be able to create records as well, while at the same time limit their ability to potentially modify or delete any other records not otherwise associated with their application.  Has anyone been able to get this granular via WAPI?

Re: Restrict Access down to Record Level using API

Adviser
Posts: 213
2173     0
How many users are you talking about having access to the API for this type of configuration?

Re: Restrict Access down to Record Level using API

JRuzicka
Techie
Posts: 10
2173     0

We are contemplating either creating user accounts per application or business unit so the number can be upwards of 20 plus.  

Re: Restrict Access down to Record Level using API

Adviser
Posts: 213
2173     0
That’s not too much but it can start to make things complicated. If those users can be grouped into smaller “teams” (such as by business unit or something), you’ll make this easier.

Here’s something you can try…IF the users are issuing the queries directly you will have limits since they would effectively need higher level permissions to the parent (zone or network) to do the creation to begin with.

IF the users are using some kind of portal (customized interface) to submit the request, you could have the portal use elevated permissions to not only create the object but then also use the API to set the appropriate permissions to the group that the user belongs to. Another option is to leverage extensible attributes for this and have your portal filter based on EA values.

There may be a few other ideas from some others but this might be something to help you get the creative juices flowing.

Re: Restrict Access down to Record Level using API

JRuzicka
Techie
Posts: 10
2173     0

Thank you.  I'll follow-up on these recommendations.  Specifically on how we might be able to leverage the extensible attributes.

Showing results for 
Search instead for 
Do you mean 

Recommended for You