Looking for creative ways to manage admin permissions and API tokens in Test vs. Production

Jump to solution
sherlock
Community Novice

Is anyone doing something creative to manage admin permissions to Canvas for the Test or Beta instance?  Since Canvas Production is copied over to Test and Beta regularly there is not an easy way to manage someone having different admin permissions in Test vs. Production.  My general experience has been that product code deployments are not bundled with permissions like this across environments so that you could have for example a developer that has elevated admin permissions in Beta and Test, but that developer does not have the same elevated permission in production.  That allows there to be a very tight control on who has the highest level admin permissions in production.  Additionally, there is a related issue we are looking to resolve with Canvas API tokens being overwritten in Test and Beta with Production tokens.  Looking for any insight on how others are managing this....Thanks!

1 Solution
211159
Community Novice

An admin-level API token on Production will also be usable on Test and Beta. So you can write a script which uses that API token to:

1. Get the list of current account admins from the Test or Beta server: GET /api/v1/accounts/:account_id/admins

2. If they don't match what you want, add the missing Test/Beta-only admins: POST /api/v1/accounts/:account_id/admins

UC Berkeley has used a similar technique to maintain other Test/Beta changes via a cron job.

View solution in original post