Multiple admins for domain

Hi!

What is considered best practice if more than one person is allowed to edit a domain?

  • A) Share the account credentials?
  • B) Share a Token?
  • C) Generate a token for each admin?
  • D) Something else?

Use case: More than one admin for one or more domains.

Options B and C only work for API access not for the web GUI, unless I am missing something?

Thanks!

fiwswe

Hi fiwswe,

deSEC currently does not support sharing domains across multiple user accounts.

While that is the case, it is best practice to not share any credentials or tokens. So I’d say c) is the winner.

In your scenario, you would want to bind each admin’s token to the set of domains that should be read/write-accessible for that admin. This functionality is currently not available, but I’ll start working on it next week, so it should be available soon.

It’s true that option c) only works for API access. The GUI is meant to provide a basic interface for people who need basic functionality and is really “just another API client”. We welcome additional functionalities to the GUI via pull requests, and also appreciate other API clients emerging.

Stay secure,
Peter

Thanks Peter!

I’m looking forward to the domain scoped tokens. That and the planed role/use case scoping for tokens will help make things more secure.

fiwswe