API keys inherit the same privileges as the user who created them. This means, for example, that there's no way to create an API key that doesn't have access to security bugs for a user that has privileges to see them. This behavior can also cause security problems. When you get more privileges on Bugzilla, you'd need to audit your pre-existing API keys.
Assignee: user-accounts → nobody
Component: User Accounts → API
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
This would help resolve a concern that's been around with 3rd Party Web Apps that consume the API. Even if we just made it such that API keys do not have access to bugs in security groups, that'd be a useful change.
2 years ago