Details
-
New Feature
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
fts-rest-server 3.12.0
-
Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
-
None
Description
The FTS REST server grants access based on certain authorization levels: transfer, deleg, config, datamanagement. An operation can request the connecting user to have a needed authorization level to perform the action.
These levels are granted either based on the certificate proxy roles + configuration mapping (explained in the documentation: FTS-REST > Roles) or via a static database DN mapping (t_authz_dn).
Proposal
Introduce a new admin level that should be used for FTS operations.
This level is intended to only be granted to FTS instance administrators, which are assumed to have complete access to the system anyway (such as the database details). Because of this, the admin role can only be set via the database.
More so, the admin level will be considered a superset of the config level. Operations requiring config will also grant access to those having admin level.
Attachments
Issue Links
- is needed by
-
-
- Closed
-
- mentioned on
