If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Support creating API keys with limited privileges

NEW
Unassigned

Status

()

bugzilla.mozilla.org
API
10 months ago
10 months ago

People

(Reporter: marco, Unassigned)

Tracking

Production

Details

(Whiteboard: [bugmaster-watchlist])

(Reporter)

Description

10 months ago
API keys inherit the same privileges as the user who created them. This means, for example, that there's no way to create an API key that doesn't have access to security bugs for a user that has privileges to see them.

This behavior can also cause security problems. When you get more privileges on Bugzilla, you'd need to audit your pre-existing API keys.

Updated

10 months ago
Assignee: user-accounts → nobody
Component: User Accounts → API
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
This would help resolve a concern that's been around with 3rd Party Web Apps that consume the API. Even if we just made it such that API keys do not have access to bugs in security groups, that'd be a useful change.
Whiteboard: [bugmaster-watchlist]
You need to log in before you can comment on or make changes to this bug.