WSO2 APIM security - separation of the publisher access


Problem description

I have a question about the separation of the publishers.

If we want the publishers to manage only their own APIs, can we restrict them from seeing/updating APIs published by other publishers? Or do we need to create a separate tenant?

In theory there's a possibility to restrict API visibility to a specific role, but there's a way around it. If a publisher is displaying statistics, the statistics show records for APIs which should not be visible to the user without the specific restriction role. Clicking on a statistics record (e.g. number of subscriptions), the user will gain access to edit an API which should not be seen. So now we have security by obscurity.

For the store and gateway the role is indeed checked. Here I'm considering the publishers.

Recommended answer

By design, all APIs in a single tenant are visible to every publisher in that tenant. Role-based visibility is applicable only to the store.

If you create multiple tenants, you can isolate APIs. If you want to access all of them in the store, you can set the API visibility to "public".
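Added illustration, not code from the thread or from WSO2: a small model of the visibility rules the answer describes (publisher portal scoped by tenant, store scoped by role or "public"), with edit access derived from the same check so the statistics drill-down described in the question cannot reach an API the listing hides. Tenant names, API names and roles are constructed.

```python
from dataclasses import dataclass

# Simplified model of the visibility rules described in the answer
# (assumption: not WSO2's own implementation). Publisher: everything
# in the user's own tenant. Store: "public" APIs to everyone, restricted
# ones only to users of the same tenant holding an allowed role.

@dataclass(frozen=True)
class Api:
    name: str
    tenant: str
    visibility: str = "public"              # "public" or "restricted"
    allowed_roles: frozenset = frozenset()  # roles for "restricted"

@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    roles: frozenset = frozenset()

def publisher_can_see(user: User, api: Api) -> bool:
    """Publisher portal: the tenant boundary is the only filter."""
    return user.tenant == api.tenant

def publisher_can_edit(user: User, api: Api) -> bool:
    """Edit access derives from the same rule as listing, so a
    drill-down from statistics cannot bypass the visibility check."""
    return publisher_can_see(user, api)

def store_can_see(user: User, api: Api) -> bool:
    """Store: public to all; restricted needs same tenant + a role."""
    if api.visibility == "public":
        return True
    return user.tenant == api.tenant and bool(user.roles & api.allowed_roles)

def visible_apis(user: User, apis, check) -> list:
    """Names of the APIs the given check allows for this user."""
    return sorted(a.name for a in apis if check(user, a))

# Constructed sample: two tenants, one role-restricted API.
APIS = [
    Api("orders", "acme.com"),
    Api("billing", "acme.com", "restricted", frozenset({"finance"})),
    Api("weather", "globex.com"),
]
ALICE = User("alice", "acme.com", frozenset({"publisher"}))
BOB = User("bob", "globex.com", frozenset({"publisher", "finance"}))
```

Bob's "finance" role does not help him in the store because "billing" belongs to a different tenant, which is the isolation the answer points to.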

