In general, it is very hard to detect an improperly protected REST
endpoint. Using least privilege principles could improve the control.
Regarding the roles, how could someone create a new admin user? Having
one and only one admin user with all access rights is a security
vulnerability in itself. If the same admin credentials are shared between
several people/administrators, it will be almost impossible to detect
which one is compromised.
In conclusion, my opinion is that:
1. Logging the endpoint accessibility is a must: e.g. DateTime: User
[admin] with roles [admin] accessed createUser endpoint
2. Roles should be based on delegation of duties. "developer" or
"simple" roles do not reflect any duties, and it's hard to guess their
duties without reading the documentation. Of course, delegation of
duties (e.g. having a UserManagement role and the ability to assign it)
will make the role-based access management part of AeroGear Unified Push
Server much more complex. However, this will spread the risk of having a
single admin user with all rights.
On Tue, 2013-11-05 at 16:34 +0100, Sebastien Blanc wrote:
-admin : can do all the CRUD operations + creating/deleting users
The default user (admin/123) should have the "admin" role
Users created by the admin can have the role developer or simple
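The two points raised in the reply above (an audit line per endpoint access naming the individual user and their roles, and a delegation-of-duties model where a UserManagement-style role can create users and hand out only the roles it is allowed to delegate) sketched as an added example. This is illustration code written for this thread, not AeroGear UnifiedPush Server code: the `user_management` role, the permission strings and the delegation table are assumptions; only "admin", "developer" and "simple" come from the thread.

```python
"""Role-based access with delegation of duties and an access audit log.

Added illustration, not AeroGear UnifiedPush Server code. The role
"user_management", every permission string and the delegation table are
assumptions for this example; "admin", "developer" and "simple" come from
the mailing-list thread.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Role -> permissions (assumed names). "developer" and "simple" get
# meaningful duties here instead of being opaque labels.
ROLE_PERMISSIONS = {
    "admin": {"app:create", "app:read", "app:update", "app:delete",
              "user:create", "user:delete"},
    "user_management": {"user:create", "user:delete"},
    "developer": {"app:create", "app:read", "app:update", "app:delete"},
    "simple": {"app:read"},
}

# Delegation of duties: which roles a holder of a given role may assign to a
# user it creates. "admin" is deliberately delegable by nobody, so a second
# admin cannot be minted through the createUser endpoint at all.
DELEGABLE_ROLES = {
    "admin": {"user_management", "developer", "simple"},
    "user_management": {"developer", "simple"},
}


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


@dataclass
class AuditLog:
    """Collects one line per endpoint access in the format suggested above."""
    lines: list = field(default_factory=list)

    def record(self, principal, endpoint, outcome, when=None):
        when = when or datetime.now(timezone.utc)
        line = (f"{when.isoformat()} User [{principal.name}] with roles "
                f"[{','.join(sorted(principal.roles))}] accessed {endpoint} "
                f"endpoint: {outcome}")
        self.lines.append(line)
        return line


class AuthorizationError(Exception):
    pass


def permissions_of(principal):
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in principal.roles))


def delegable_by(principal):
    return set().union(*(DELEGABLE_ROLES.get(r, set()) for r in principal.roles))


class UserService:
    """Stands in for the createUser endpoint: every call is logged, allowed or not."""

    def __init__(self, audit):
        self.audit = audit
        self.users = {}

    def create_user(self, actor, name, roles, when=None):
        roles = frozenset(roles)
        if "user:create" not in permissions_of(actor):
            self.audit.record(actor, "createUser", "DENIED (no user:create)", when)
            raise AuthorizationError(f"{actor.name} may not create users")
        not_delegable = roles - delegable_by(actor)
        if not_delegable:
            self.audit.record(actor, "createUser",
                              f"DENIED (cannot assign {sorted(not_delegable)})", when)
            raise AuthorizationError(f"{actor.name} may not assign {sorted(not_delegable)}")
        if name in self.users:
            raise ValueError(f"user {name} already exists")
        self.users[name] = Principal(name, roles)
        self.audit.record(actor, "createUser",
                          f"OK created [{name}] with roles [{','.join(sorted(roles))}]", when)
        return self.users[name]


def demo():
    """Constructed scenario with a fixed timestamp so the log is deterministic."""
    when = datetime(2013, 11, 5, 16, 34, tzinfo=timezone.utc)
    log = AuditLog()
    svc = UserService(log)
    alice = Principal("alice", frozenset({"admin"}))        # a named admin, not a shared account
    bob = svc.create_user(alice, "bob", {"user_management"}, when)
    carol = svc.create_user(bob, "carol", {"developer"}, when)
    for actor, name, roles in ((bob, "dave", {"admin"}),      # delegation stops here
                               (carol, "erin", {"simple"})):  # developer has no user:create
        try:
            svc.create_user(actor, name, roles, when)
        except AuthorizationError:
            pass
    return svc, log


if __name__ == "__main__":
    _, audit = demo()
    print("\n".join(audit.lines))
```

Because each administrator is a distinct principal, the audit line identifies who touched createUser, which is exactly what a shared admin/123 account cannot give you; and because "admin" appears in nobody's delegation set, the answer to "how could someone create a new admin user?" is that this endpoint cannot.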