search cancel

'Admin API - Access' right is available for a user to add via group

book

Article ID: 243226

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

The Administrator sees 2 access rights related to API access.  The 'Admin API - Access' and the 'API - Access' right. When we grant access using the 'Admin API - Access', it does not provide any functionality that we can determine.

Why are there two rights? 

Admin API - Access:

  • NO Ability to grant permission directly on a Resource as a GLOBAL right
  • CAN pick it as a GLOBAL right on a Group definition
  • Does NOT provide access to the Avatar, API Keys page
  • Does NOT provide access to the Administration, Authentication & Keys Tile (used with the 'Administration - Access' right)

API - Access: 

  • YES Ability to grant permission directly on a Resource as a GLOBAL right
  • CAN pick it as a GLOBAL right on a Group definition
  • YES Provides access to the Avatar, API Keys page (used alone) 
  • YES Provides access to the Administration, Authentication & Keys Tile (used with the 'Administration - Access' right) 

 

Cause

DE65331 

  • The 'Admin API - Access' right should not be available for configuration.
  • It does not show up for direct configuration on a Resource's Global access. 
  • It should not, but does show up for a Group Global access. 

 

 

Environment

Release: 15.8.x, 15.9.x, 16.0.x 

 

Resolution

The planned resolution for this issue (DE65331) is to remove the 'Admin API - Access' right from the list of available rights for configuration. 

Resolution as per design:

  • Do not use the 'Admin API - Access' right.
  • Use the 'API - Access' right for permissions to access the Avatar, API, 'Keys' grid. 
  • Use the 'API - Access' right plus 'Administration - Access' right to access MUX Administration, Authentication & Keys, 'Keys' grid.