sherlock
Community Member

Looking for creative ways to manage admin permissions and API tokens in Test vs. Production

Is anyone doing something creative to manage admin permissions to Canvas for the Test or Beta instance? Since Canvas Production is copied over to Test and Beta regularly, there is not an easy way to manage someone having different admin permissions in Test vs. Production. My general experience has been that product code deployments are not bundled with permissions like this across environments, so that you could have, for example, a developer that has elevated admin permissions in Beta and Test, but that developer does not have the same elevated permission in production. That allows there to be a very tight control on who has the highest level admin permissions in production. Additionally, there is a related issue we are looking to resolve with Canvas API tokens being overwritten in Test and Beta with Production tokens. Looking for any insight on how others are managing this... Thanks!

1 Solution

Accepted Solutions
211159
Community Member

An admin-level API token on Production will also be usable on Test and Beta. So you can write a script which uses that API token to:

1. Get the list of current account admins from the Test or Beta server: GET /api/v1/accounts/:account_id/admins

2. If they don't match what you want, add the missing Test/Beta-only admins: POST /api/v1/accounts/:account_id/admins

UC Berkeley has used a similar technique to maintain other Test/Beta changes via a cron job.

4 Replies
sherlock
Community Member

Thanks Ray!  This sounds like a good approach. Are you doing anything to maintain separate API tokens that are valid for Test only?

211159
Community Member

Jennifer Swaney:

Thanks Ray!  This sounds like a good approach. Are you doing anything to maintain separate API tokens that are valid for Test only?

I don't know of a way to script token management. But if what you're after are stable API tokens which have admin-level rights on Test only, I think this would do the trick:

1. On Canvas Production, have a non-admin user generate an API token.

2. Wait for Production data to be copied over to Test, so that the user's tokens are stably in place.

3. Use the scripting approach mentioned above to give the non-admin user (and token) admin rights on Test.
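
The reconciliation script described in the two replies above, sketched as an added example (not code from the thread or from UC Berkeley). The hostnames, account id, user ids and the function names `missing_admins`, `http_json` and `sync_admins` are assumptions; the allow-list keeps a misconfigured job from granting admin rights on Production.

```python
import json
import urllib.parse
import urllib.request

# Assumed Test/Beta hostnames (placeholders, not from the thread).
ALLOWED_HOSTS = {"example.test.instructure.com", "example.beta.instructure.com"}

def missing_admins(current, desired):
    """current: Admin objects from GET .../admins; desired: set of (user_id, role)."""
    have = {(a["user"]["id"], a["role"]) for a in current if a.get("user")}
    return sorted(set(desired) - have)

def http_json(method, url, token, params=None):
    """Minimal Canvas API call authenticated with a bearer token."""
    data = urllib.parse.urlencode(params).encode() if params else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def sync_admins(host, account_id, desired, token, call=http_json, dry_run=True):
    """Add the Test/Beta-only admins that are missing; return what was (or would be) added."""
    # Fail closed: only hosts explicitly listed as Test/Beta may be modified.
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"refusing to modify admins on {host}")
    url = f"https://{host}/api/v1/accounts/{account_id}/admins"
    # First page only; accounts with more than 100 admins need Link-header paging.
    current = call("GET", url + "?per_page=100", token)
    to_add = missing_admins(current, desired)
    if not dry_run:
        for user_id, role in to_add:
            # send_confirmation=false avoids e-mailing users on every refresh.
            call("POST", url, token,
                 {"user_id": user_id, "role": role, "send_confirmation": "false"})
    return to_add

if __name__ == "__main__":
    # Constructed response standing in for the Test server, so this runs offline.
    def fake(method, url, token, params=None):
        return [{"id": 1, "role": "AccountAdmin", "user": {"id": 10}}]
    wanted = {(10, "AccountAdmin"), (42, "AccountAdmin")}
    print(sync_admins("example.test.instructure.com", 1, wanted, "unused", call=fake))
```

In a cron job, read the token from the environment or a secrets store rather than the script itself, and run once with `dry_run=True` to review the planned grants.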

Robbie_Grant
Community Coach

@sherlock,

We are giving the Canvas Admins area a little bit of love (especially questions that are really, really old) and just want to check in with you.  This will also bring this question new attention. 

 

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment.  Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.

 

Robbie