Hi community,
I’m looking to create and maintain User Roles and Permissions that are used by APIs and Applications (found under the User Management tab in the management dashboard). As I understand from this link, only tenant admins can create and maintain User Roles and Permissions as well as manage APIs where they’re used.
Our tenant admins (understandably) would prefer not to hand out tenant admin to every developer that would like to manage RBAC for his/her application, since other tenant roles/permissions are freely visible to other admins, who may not necessarily have a good grasp of the RBAC model of a specific app. Also developers may accidentally change tenant-level configuration, causing unnecessary destruction.
It is also not feasible to ask the tenant admins for role/permission creation and updates during early application development, as the RBAC model will constantly be in flux.
Therefore, I would like to propose a new management role which would allow for this (analogous to Editor for Specific Apps).
In the meantime, does the community have any workarounds for this use-case?