Hi Apigee Team,
Today, when I was trying to restrict permissions for a custom user role via the management API, I observed a very interesting issue.
The issue is that it allows you to add a permission for a resource that does not even exist in the system.
So I called the management API "Add permissions for a resource to a user role" with the input
{ "path": "/environments/*/vipul", "permissions": ["get"] }
and it did not give any errors. I can even see it in the list of permissions the user role has.
I don't understand why it's happening.
While creating a role permission, it is not validating the existence of the resource. It will be used at the time of authorization.
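
An added example, not part of the original thread or of Apigee's code: because permission paths are stored without an existence check, a role audit can flag entries whose path matches no current resource. It assumes `*` stands for exactly one path segment, and the resource inventory and the function names are constructed for illustration.

```python
import re

def pattern_to_regex(path):
    # Assumption: "*" stands for exactly one path segment.
    segments = path.strip("/").split("/")
    parts = ["[^/]+" if seg == "*" else re.escape(seg) for seg in segments]
    return re.compile("^/" + "/".join(parts) + "$")

def unmatched_permissions(role_permissions, known_resources):
    """Return the permission entries whose path matches no known resource."""
    orphans = []
    for entry in role_permissions:
        rx = pattern_to_regex(entry["path"])
        if not any(rx.match(resource) for resource in known_resources):
            orphans.append(entry)
    return orphans

# Constructed sample: permission entries in the same shape as the request
# body in the question, as they would appear in a role's permission list.
ROLE_PERMISSIONS = [
    {"path": "/environments/*/vipul", "permissions": ["get"]},
    {"path": "/environments/*/caches", "permissions": ["get"]},
    {"path": "/apiproducts", "permissions": ["get", "put"]},
]

# Constructed inventory of resource paths that actually exist.
KNOWN_RESOURCES = [
    "/environments/test/caches",
    "/environments/prod/caches",
    "/apiproducts",
]

if __name__ == "__main__":
    for entry in unmatched_permissions(ROLE_PERMISSIONS, KNOWN_RESOURCES):
        print("no matching resource:", entry["path"], entry["permissions"])
```

An entry flagged this way is worth reviewing: it may be a typo that leaves the intended resource uncovered, or a grant that takes effect if a resource with that path is created later.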