Jasperreports Server has quiet an advanced REST API that can manage a lot of the features of the server. Unfortunately there currently is no proper permission management for this API. A lot of the endpoints require an administrator account to use.
We want to manage the roles in our instance via an external system. Currently the external system needs an account with full administrative privileges to do this. This lack of ability to restrict the accounts permissions to only what is necessary completely opposes the security standards we follow at our company.
I therefor propose a proper permission management to be implemented into the API so that we can create accounts that are limited to perform the tasks they are intended for.
Aaron Bulmahn
| Components | User/Role, Authentication/ SSO, JasperReports Server, RestAPI |
