API Tokens for Organizations
As a customer, I want to create API Tokens which are not attached to a real user, so that I can enforce the usage of SAML for the whole Organization. Using tokens from a real user usually means that the token has more access than desirable; for example, monitoring can be done with read-only permissions.
Application users are generally available in Aiven
Application users are a special type of user that super admins can create to use for programmatic access to Aiven through the API, Terraform, Kubernetes, or other applications. They make it easier to audit and manage access to your Aiven resources for applications.
These users are centrally managed by organization super admins, who now have full visibility into how their organization’s resources are programmatically accessed on the Aiven platform. The application user tokens also add another level of security. Super admins can restrict users from creating personal tokens, ensuring that only approved applications access the Aiven API with application user tokens. This also makes it easier for super admins to regularly rotate tokens according to your organization’s security policies.
Find out more about using application users to securely manage access to the Aiven platform in the documentation.
Lea Beyenburg commented
We would also love to have the option to create tokens regardless of my own user role.
For example:
I have the admin role, but I want to create a token with low privileges to only turn DBs on and off but nothing else.
The mentioned monitoring use case is also one of ours.
I really appreciate this idea.