Enable GOVERN readonly access to admin for audit purposes and restrict access to non-admins and non-governance

In order to enable full auditing, including auditing of administration actions, the GOVERN permission requires access to the following endpoints:

- GET /groups/{groupName}
- GET /groups/{groupName}/users
- GET /users
- GET /users/{username}
- GET /users/{username}/groups
- GET /sites/{siteId}/groups
- GET /sites/{siteId}/groups/{groupName}
- GET /sites/{siteId}/apiKeys
- GET /sites/opa/accessPolicies
- GET /sites/{siteId}/opa/accessPolicy
- GET /sites/{siteId}/opa/accessPolicy/policyItems
- GET /folders/{indexKey}/permissions
- GET /sites/global/opensearch/snapshotRepositories
- GET /sites/{siteId}/opensearch/snapshotRepository
- GET /sites/{siteId}/opensearch/snapshots
- GET /sites/{siteId}/opensearch/snapshots/{snapshotName}


NOTE: the following admin-related endpoint should remain open by default for all users, blockable using OPA:

- GET /groups


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enable GOVERN readonly access to admin for audit purposes and restrict access to non-admins and non-governance #433

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Enable GOVERN readonly access to admin for audit purposes and restrict access to non-admins and non-governance #433

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions