Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
We have recently added "tenancy" to the project.
With tenancy, every resource have a tenant, where resource can be a delivery-service, a server (future) and even a user.
We are now starting to enforce access-control based on the resource tenancy. A user can manage a resource only if the resource is under the user tenancy.
This JIRA deals with another step of "delivery-service as a resource" - enforcing via the API access control on DS steering target: In order to add a steering target DS1 to steering DS ST1, the user should have access to the tenants of DS1 and ST1. In order to read the record, access to ST1 is enough
Attachments
Issue Links
- links to