With OPDK, platform administrators could explicitly grant permissions to specific proxies - “proxy1”, “proxy2”, … etc. This would allow for tight controls on who is allowed to modify or trace the proxy.
For instance, we have a shared “authentication proxy”, to which only CIAM/Identity developers have access. No other users should access it.
Questions
- “Environment access” seems to grant higher-level roles - all or nothing. See image. It doesn’t have the ability to differentiate between proxy and API product.
- GCP-IAM does not provide/allow for fine-grained restrictions from the UI.
- Has anyone tried to create a specific policy at the resource level? (product, proxy or entitlement)
