A proxy can by default access all objects in a single environment: KVM's, Caches, Target Servers...
Q: is there a way to limit access by an API proxy to specific admin/config objects?
Context of my question are multiple teams working in a single tenant:
Just like environment has scope, cache is also having scope using which you can restrict for proxy. For target servers you don't have anything like that. Knowing only the target server and port doesn't give idea about the full path of the proxy.
@Priyadarshi Ajitav Jena Thanks for your very fast response, but my question remains. Within a single environment, each proxy can access all caches a.o. environment config objects. Is there any restriction (permission mechanism)? Else I need to trust everyone else working in the same org/env not to read from "my" cache, read from "my" (environment) KVM etc.
As I said earlier you can put particular scope for proxy in cache policies , so that other proxies will not be able to use. For target server it's not applicable.
Mostly companies have admin and developer teams separate. Login to edge UI is very restricted one.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |