CloudSOC API keys and their relation to the user account status


Article ID: 269498


Products

CASB Advanced Threat Protection, CASB Audit, CASB Gateway, CASB Gateway Advanced, CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Premium IAAS, CASB Security Standard, CASB Securlet IAAS, CASB Securlet SAAS, CASB Securlet SAAS With DLP-CDS

Issue/Introduction

CloudSOC API keys are tied to their owner, which is the user account used to create the key. A key inherits the owner's permissions (either via the role or the assigned access profile), and events generated by the API key are shown in the console under the API key owner.

This article clarifies how a change in the user account status affects the API key.

Resolution

1- User Account deletion

Once the user account is deleted, the API key loses its validity and can no longer authenticate to CloudSOC. Every operation attempted with the API key afterward fails authentication (HTTP unauthenticated response, response code 401).

The API key is not deleted automatically; it continues to be listed in the existing API key list.

 

2- User Account is Deactivated

Once the user account is deactivated, the API key loses the inherited permissions. All operations made with the API key afterward are denied access (HTTP Forbidden, 403 response).

 

3- User account role changes (demoted or promoted):

The API key always inherits its permissions from the current settings of the user account that created it. If the user account is demoted to a "User" account, the key can no longer perform any administrator task (HTTP unauthenticated response, HTTP 401). It regains the administrator permissions if the role changes back, for example to "System Admin".

Check the current role and the assigned access profile to confirm the assigned permissions.

 

4- Recreate a deleted user

As per the first use case, if the user account is deleted, the API key loses its inherited permissions.

If the same user account is recreated within a reasonable period of time, it is assigned the same user ID, and the key is tied again to that exact user account, inheriting the currently assigned permissions (either via role or access profile).
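
The four cases above can be turned into a triage step for a failing integration. The following is an added example, not Broadcom code: it takes the most recent response per operation type for each key and names the owner-account state to check first. The record layout, the key names and the "admin"/"read" operation labels are assumptions, and the sample records are constructed.

```python
# Added example: triage of API-key failures using the status codes in this article.
# Record layout and the "admin"/"read" labels are assumptions, not a CloudSOC format.

# Constructed sample, oldest first: (key_id, operation_kind, http_status)
SAMPLE_RECORDS = [
    ("key-A", "read", 200), ("key-A", "admin", 200),
    ("key-B", "read", 200), ("key-B", "read", 401), ("key-B", "admin", 401),
    ("key-C", "admin", 200), ("key-C", "read", 403), ("key-C", "admin", 403),
    ("key-D", "admin", 200), ("key-D", "read", 200), ("key-D", "admin", 401),
    # key-E failed earlier, then recovered (owner recreated or role restored)
    ("key-E", "read", 401), ("key-E", "admin", 401),
    ("key-E", "read", 200), ("key-E", "admin", 200),
]


def latest_status(records):
    """Return {key_id: {operation_kind: most recent status}}; later records win."""
    latest = {}
    for key_id, kind, status in records:
        latest.setdefault(key_id, {})[kind] = status
    return latest


def diagnose(records):
    """Map each key's latest responses to the owner-account state to check first."""
    findings = {}
    for key_id, kinds in latest_status(records).items():
        statuses = set(kinds.values())
        if statuses == {401}:
            # Case 1 if non-admin calls fail too; with admin calls only,
            # a deleted owner and a demoted owner look the same.
            findings[key_id] = ("owner-deleted" if "read" in kinds
                                else "owner-deleted-or-demoted")
        elif statuses == {403}:
            findings[key_id] = "owner-deactivated"   # case 2: every call forbidden
        elif kinds.get("admin") == 401:
            findings[key_id] = "owner-demoted"       # case 3: only admin tasks fail
        elif statuses & {401, 403}:
            findings[key_id] = "inconclusive"        # mixed failures, review manually
        else:
            findings[key_id] = "ok"
    return findings


if __name__ == "__main__":
    for key, state in diagnose(SAMPLE_RECORDS).items():
        print(key, state)
```

Because only the latest response per operation type is used, a key whose owner was recreated or promoted again (case 4 and the end of case 3) reports "ok" once its calls succeed.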