Content
View differences
Updated by Markus Kahl almost 5 years ago
**As** a administrator
**I want to** be able to manage (create, update, delete) users' API and RSS access tokens
**so that** these can be created for users who are not supposed to login, e.g. a github user for the github integration.
**Acceptance criteria**
* An administrator can manage (create, update, delete) other user's API and RSS access tokens
* (optional / out-of-scope) An administrator can also manage a user's backup token
* for a first version simply copying/re-using the view and logic from the my page access token section in the edit user view would be sufficient
**Discussion**
Admins are already allowed to reset other users' password, 2FA devices and such. Adding access tokens to that list makes sense.
This is especially important for users who use SSO and have disabled the password login. Say they want to create a "system user" of sorts
who is only there for their API tokens, e.g. to use them with the github integration or general API access. Without password login enabled they would need to create a user in their auth provider, to do this, which may not always be possible.
**I want to** be able to manage (create, update, delete) users' API and RSS access tokens
**so that** these can be created for users who are not supposed to login, e.g. a github user for the github integration.
**Acceptance criteria**
* An administrator can manage (create, update, delete) other user's API and RSS access tokens
* (optional / out-of-scope) An administrator can also manage a user's backup token
* for a first version simply copying/re-using the view and logic from the my page access token section in the edit user view would be sufficient
**Discussion**
Admins are already allowed to reset other users' password, 2FA devices and such. Adding access tokens to that list makes sense.
This is especially important for users who use SSO and have disabled the password login. Say they want to create a "system user" of sorts
who is only there for their API tokens, e.g. to use them with the github integration or general API access. Without password login enabled they would need to create a user in their auth provider, to do this, which may not always be possible.