cf-abacus
cf-abacus copied to clipboard
Corrective scope token
I would like to propose a split of the system scope to:
- transport scope
- corrective scope
The transport scope will be used in the same way as we use the system scope now - to allow asynchronous processing of the documents without going to auth server for refreshing the resource tokens.
The corrective scope can be used to:
- offload the current "system" scope. Now it has "all"/root kind of access
- provide clear separation between normal and corrective actions
- allow audit logging of special actions, that require more privileges and should be done with restricted access
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/129877825
The labels on this github issue will be updated when the story is started.