From 6ace93e7ea21dbb3e1fed922754e6ebc8ad08cde Mon Sep 17 00:00:00 2001 From: Donna DaCosta Date: Wed, 26 Feb 2025 10:27:32 -0700 Subject: [PATCH 1/2] AAP-38726 - Corrected access rules for applications list --- .../platform/ref-gw-access-rules-apps-tokens.adoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc b/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc index ce78ea6b4..c4aa1abc9 100644 --- a/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc +++ b/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc 
@@ -4,19 +4,20 @@ Access rules for applications are as follows: -* System administrators can view and manipulate all applications in the system. +* Platform administrators can view and manipulate all applications in the system. +* Only platform administrators can view or act on OAuth applications //[ddacosta-aap-38726] Org administrators do not have this access in gateway. //* Organization administrators can view and manipulate all applications belonging to organization members. -* Other users can only view, update, and delete their own applications, but cannot create any new applications. +//* Other users can only view, update, and delete their own applications, but cannot create any new applications. * Tokens, on the other hand, are resources used to authenticate incoming requests and mask the permissions of the underlying user. Access rules for tokens are as follows: * Users can create a token if they are able to view the related application and can also create a personal token for themselves. -* System administrators are able to view and manipulate every token in the system. +* Platform administrators are able to view and manipulate every token in the system. //[ddacosta-aap-38726] Org administrators do not have this access in gateway. //* Organization administrators are able to view and manipulate all tokens belonging to organization members. -* System Auditors can view all tokens and applications. +* Platform auditors can view all tokens and applications. * Other normal users are only able to view and manipulate their own tokens. [NOTE] From 0c8adbce1e77948f81d59487cadbcc641418e55e Mon Sep 17 00:00:00 2001 From: Donna DaCosta Date: Wed, 26 Feb 2025 16:39:40 -0700 Subject: [PATCH 2/2] 38726 further refinement of access rules based on test env --- .../modules/platform/ref-gw-access-rules-apps-tokens.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc b/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc index c4aa1abc9..278df0301 100644 --- a/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc +++ b/downstream/modules/platform/ref-gw-access-rules-apps-tokens.adoc @@ -5,7 +5,7 @@ Access rules for applications are as follows: * Platform administrators can view and manipulate all applications in the system. -* Only platform administrators can view or act on OAuth applications +* Platform auditors can only view applications in the system. //[ddacosta-aap-38726] Org administrators do not have this access in gateway. //* Organization administrators can view and manipulate all applications belonging to organization members. //* Other users can only view, update, and delete their own applications, but cannot create any new applications. @@ -13,11 +13,11 @@ Access rules for applications are as follows: Access rules for tokens are as follows: -* Users can create a token if they are able to view the related application and can also create a personal token for themselves. -* Platform administrators are able to view and manipulate every token in the system. +* Users can create personal tokens for themselves. +//* Platform administrators are able to view and manipulate every token in the system. //[ddacosta-aap-38726] Org administrators do not have this access in gateway. //* Organization administrators are able to view and manipulate all tokens belonging to organization members. -* Platform auditors can view all tokens and applications. +//* Platform auditors can view all tokens and applications. * Other normal users are only able to view and manipulate their own tokens. [NOTE]
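Review bot: in the first hunk (@@ -4,19 +4,20 of the AAP-38726 patch), the added bullet `+* Only platform administrators can view or act on OAuth applications` contradicts the bullet kept a few lines below it, `* Platform auditors can view all tokens and applications.`, and also strands the unchanged token rule `* Users can create a token if they are able to view the related application ...`, which now has no case in which a non-administrator can view an application. Either qualify the new bullet (for example, "Only platform administrators can create, modify, or delete OAuth applications; platform auditors can view them") or drop the application-visibility condition from the token rule in the same commit so the two lists agree. The `//[ddacosta-aap-38726]` comments are a good record of why the organization-administrator bullets were disabled, but once the gateway behaviour is confirmed, delete the commented-out bullets rather than carrying dead text in the module.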
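Review bot: in the hunk at @@ -5,7 +5,7, `+* Platform auditors can only view applications in the system.` is ambiguous: "can only view" reads either as "auditors are read-only" or as "auditors see only a subset of applications". Suggest "Platform auditors can view all applications in the system but cannot create, modify, or delete them." With the "Other users ..." bullet still commented out, the application list is now silent on what a regular user can do; if the test environment showed that non-administrators cannot create or see applications, state that in a bullet, since silence will be read as an omission rather than as a restriction.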
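Review bot: in the hunk at @@ -13,11 +13,11, commenting out `//* Platform administrators are able to view and manipulate every token in the system.` and `//* Platform auditors can view all tokens and applications.` removes every statement about administrator and auditor access to tokens, while the application list above still grants platform administrators full access; a reader cannot tell whether an administrator can inspect or revoke another user's token, which is exactly the question an incident responder will bring to this page. If the test environment showed that administrators cannot see other users' tokens, say so in a bullet rather than deleting the claim. Separately, `+* Users can create personal tokens for themselves.` followed by the retained `* Other normal users are only able to view and manipulate their own tokens.` leaves "Other" with no preceding group to contrast against; merge the two into one bullet, for example "Users can create personal tokens for themselves and can view and manipulate only their own tokens."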