Access Keys and User Deactivation
I am looking to use the Search API.
My understanding is that access keys are directly linked to a specific user login. Logically, if the user leaves the organization and the login is deactivated then the access key will stop working. Any tools utilizing the access key will then stop working.
Can anyone confirm if my understanding above is accurate?
If I am correct, is there a recommended design pattern for API security access? Should we create a system user(s) account that would not be deactivated?
You are absolutely correct, if the associated user is deactivated or delete then his/her corresponding key wont work and any application using that key will stop working.
The deleted user’s Access Keys are removed and cannot be restored.
Access keys are deactivated for the user
We have a new feature called "Installation Tokens" with the sole purpose of installing collectors. This feature is currently in Beta testing and I don't have a date for general release yet. For more information about this, please go to https://help.sumologic.com/Beta/Installation_Tokens.
But this token can only be used for installation of collectors and you can use them in the installation scripts without the worry if the associated user is deleted or disabled.
Hope this helps.
Please sign in to leave a comment.