authentik
authentik copied to clipboard
goauthentik
Is it possible for non super-users to be granted access to list users and some attributes
Describe your question/ Ideally I would like to give permissions (via the OAuth API) for specific users to access the user list (and their attributes - preferably limiting attributes, but that's not a deal breaker!) without giving them super-user access.
Version and Deployment (please complete the following information):
- authentik version: 2022.8.1
- Deployment: kubernetes
So the backend design supports very fine grained permissions on a user level (this is currently used by the Outpost service account, that can only access the things it needs to) and a role level.
Adding with an API to allow management of permissions and roles has been on my todo for a while but I haven't gotten around to it quite yet.
Ideally it would allow a user (identified by an app password) to search and return certain items from the users (/api/v3/core/users/?attributes=)
Is there anything I can do that might help move toward that? I don't have a firm idea of how Authentik fits together, but I'm willing to give it a go, if you can give me some pointers?