You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've just looked into this. devstorage.read_write is sufficient for the upload and download steps. It is not sufficient for the "Bucket Lifecycle" step.
One thing we'll need to do is to limit the StorageScopeRequirement to the devstorage.read_write permission, then create another scope requirement with devstorage.full_control, and change the @RequiresDomain annotation on the ExpiringBucketLifecycleManagerStep. There's probably more that needs to be changed.
Any progress on this issue? My security folks give serious side eye for full_control but are much more tolerant for read_write. Being able to avoid their side eye is a goal I've been able to maintain for a while and is something I'd like to continue doing :-)
Hi,
Wouldn't 'devstorage.read_write' be enough for this plugin?
Is there any chance someone could check this?
The text was updated successfully, but these errors were encountered: