[MXS-4371] Improve REST-API Access Control Created: 2022-10-27  Updated: 2023-12-15

Status: Open
Project: MariaDB MaxScale
Component/s: REST-API
Affects Version/s: None
Fix Version/s: Icebox

Type: New Feature Priority: Major
Reporter: Naresh Chandra Assignee: Joe Cotellese
Resolution: Unresolved Votes: 0
Labels: None


 Description   

Implement finer-grained control of REST-API users. Initial requirement is to be able to restrict the REST-API access only to the query editor.

Original description:

View access only on GUI query editor for few users

Implement a feature only GUI view access for query editor tab and hide all the rest of the dashboard GUI. We want to give only query editor GUI to only specific users and rest of the dashboard (Monitoring, logs, user management and etc) tabs should be hide.

 Comments   
Comment by Duong Thien Ly [ 2022-10-27 ]

What about read-only(basic) users?
The only difference from what you're asking for is that they can access other pages but can't modify them. We can hide the "Users" page for the basic users as it makes no sense for them to see it, but other pages will still be visible. Overall, they can see but can't modify.

Comment by Naresh Chandra [ 2022-10-27 ]

Yeah, but we are giving this to other teams, they should not see all the ip's, log data and hostnames. For security point of view at the same time quick access. I mean the page directly redirect to Query Editor.

Give some customize option for admin default and other we will select options like what we can give view access.

Generated at Thu Feb 08 04:28:09 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.