Hi all,
after searching the internet and the forum to resolve my issue I finally would like to ask that question here: Is it possible to restrict the token list of a sub admin to the tokens he is responsible for based on realms? Currently the sub admin is restricted to a realm and he can only enroll tokens to the users of that specific realm but he can still see all tokens even those of other admins.
Any hint is much appreciated.
Best regards
–Guido
I think this is currently not implemented.
This should go here:
```python
            "realm")})
        request.all_data["user"] = CurrentUser.login
        request.all_data["resolver"] = CurrentUser.resolver
        request.all_data["realm"] = CurrentUser.realm
        g.audit_object.log({"user": CurrentUser.login,
                            "resolver": CurrentUser.resolver,
                            "realm": CurrentUser.realm})
    else:
        # An administrator is calling this API
        g.audit_object.log({"administrator": g.logged_in_user.get("username")})
        # TODO: Check if there are realm specific admin policies, so that the
        # admin is only allowed to act on certain realms.
        # If no realm is specified, we need to add "filterrealms".
        # If the admin tries to view realms he is not allowed to, we need to
        # raise an exception.


@system_blueprint.after_request
@resolver_blueprint.after_request
@realm_blueprint.after_request
@defaultrealm_blueprint.after_request
```
To preset the tokenrealm for the endpoint GET /token/ accordingly:

```python
    """
    Display the list of tokens. Using different parameters you can choose
    which tokens you want to get and also in which format you want to get the
    information (*outform*).

    :query serial: Display the token data of this single token. You can do a
        non-strict matching by specifying a serial like "*OATH*".
    :query type: Display only tokens of this type. You can do a non-strict
        matching by specifying a tokentype like "*otp*", to find hotp and
        totp tokens.
    :query user: display tokens of this user
    :query tokenrealm: takes a realm, only the tokens in this realm will be
        displayed
    :query basestring description: Display tokens with this kind of description
    :query sortby: sort the output by column
    :query sortdir: asc/desc
    :query page: request a certain page
    :query assigned: Only return assigned (True) or not assigned (False) tokens
    :query pagesize: limit the number of returned tokens
    :query user_fields: additional user fields from the userid resolver of
        the owner (user)
    :query outform: if set to "csv", then the token list will be given in CSV
```
Would you mind opening an issue on GitHub?
Many thanks!
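To make the TODO above concrete, here is an added, stand-alone illustration of the "filterrealms" idea. It is not privacyIDEA code and not the reply author's: the request is modelled as a plain dict (standing in for request.all_data), and the parameter name `filterrealms`, the `PolicyError` exception, the function names and the sample token list are all assumptions made for this example. The rules it implements are the three points of the TODO: an admin without realm-specific policies keeps seeing everything, an admin with realm policies and no `tokenrealm` parameter gets the listing scoped to those realms, and an admin who asks for a realm outside their policies is refused.

```python
# Added example of the "filterrealms" idea from the TODO in before_request.
# Not privacyIDEA code: "tokenrealm"/"filterrealms" as used here, PolicyError,
# the function names and the token dicts are assumptions for this example.


class PolicyError(Exception):
    """Raised when an admin asks for a realm outside their admin policies."""


def preset_tokenrealm_for_admin(all_data, admin_realms):
    """Return a copy of the request parameters scoped to the admin's realms.

    all_data     -- dict of request parameters (stands in for request.all_data)
    admin_realms -- realms named in the admin's realm-specific policies;
                    an empty collection means "no realm restriction"
    """
    params = dict(all_data)
    # Assumption: realm names are compared case-insensitively.
    allowed = {r.lower() for r in admin_realms}
    if not allowed:
        return params                       # unrestricted admin: sees everything
    requested = params.get("tokenrealm")
    if requested is None:
        # No realm given: restrict the listing instead of showing all tokens.
        params["filterrealms"] = sorted(allowed)
    elif requested.lower() not in allowed:
        raise PolicyError("admin is not allowed to view tokens in realm %r"
                          % requested)
    else:
        params["filterrealms"] = [requested.lower()]
    return params


def list_tokens(tokens, params):
    """Apply the realm filter; a token may be in several realms, any match counts."""
    realms = params.get("filterrealms")
    if realms is None:
        return list(tokens)
    wanted = set(realms)
    return [t for t in tokens
            if wanted.intersection(r.lower() for r in t["realms"])]


# Constructed sample data for this example.
SAMPLE_TOKENS = [
    {"serial": "OATH0001", "realms": ["realmA"]},
    {"serial": "OATH0002", "realms": ["realmB"]},
    {"serial": "OATH0003", "realms": ["realmA", "realmB"]},
    {"serial": "OATH0004", "realms": []},   # token not in any realm
]


def tokens_visible_to(admin_realms, request_params=None):
    """Serials an admin with the given realm policies sees for the given request."""
    params = preset_tokenrealm_for_admin(request_params or {}, admin_realms)
    return [t["serial"] for t in list_tokens(SAMPLE_TOKENS, params)]


if __name__ == "__main__":
    print(tokens_visible_to(["realmA"]))     # ['OATH0001', 'OATH0003']
    print(tokens_visible_to([]))             # all four serials
    try:
        tokens_visible_to(["realmA"], {"tokenrealm": "realmB"})
    except PolicyError as e:
        print("rejected:", e)
```

Two things to decide before turning this into a real policy check: a token that is in no realm at all (OATH0004 above) disappears for every realm-restricted admin, which may or may not be what you want; and the `user` parameter of GET /token/ would need the same treatment, since looking up a user in a foreign realm is another way to see tokens outside the admin's realms.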