Differentiating between app users
Answered

Hello,
I am aiming to create a document vault style application whereby the custom app has a number of users, all of whom have unique folders that they and only they should be able to see.
How does one differentiate between users at the app level to determine if they have permission to view a specific file? The managed user has permission to view all files/folders in the application and app users a subset. The API calls are made using a JWT issued to the managed user and therefore will be unrestricted regardless of which end app user is making the call.
Is it that one should use the as_user functionality so the managed user acts on behalf of an app user? Is there any other way to restrict the access of app users, or indeed identify the app user making the request?
Official comment
Hello,
I'm going to link our guides on service accounts, app users and JWT applications. This should help answer your questions on how to tell the difference between the users. Every app user is different - but is not a "managed user." Let me know if, after reviewing that content, you still need some help.
Thanks,
Alex, Box Developer Advocate