Management APIs allow adding permissions to resources that do not exist

Hi Apigee Team,

Today, when I was trying to restrict permissions for a custom user role via the management API, I observed a very interesting issue.

The issue is that it allows you to add a permission for a resource that does not even exist in the system.

So I called the management API "Add permissions for a resource to a user role" with the input

{
    "path": "/environments/*/vipul",
    "permissions": ["get"]
}

and it did not give any errors. I can even see it in the list of permissions the user role has.

I don't understand why it's happening.

1 REPLY

While creating a role permission, it is not validating the existence of the resource. It will be used at the time of authorization.