Authentication and authorization

Authentication

All connections to the Downloader service require authentication, using any valid user account available to the host running the service.

After initial authentication, the service issues a bearer token to use throughout the session.

Authorization

Authorization is optionally implemented using simple access control lists (ACLs), which may include users or groups. If the currently authenticated user, or a group the user is a member of, is included in an ACL, then permission is granted. An empty ACL grants permission to all authenticated users.

The following ACLs are defined:

  • Connect to Downloader Service

  • Configure Settings

  • Connection Defaults. This ACL is used to restrict the creation of new Connections, and is applied as the default ACL at the time of creation.

  • Per-Connection.

All ACLs are empty by default. Note that ACL changes that would remove access for the current user are disallowed.

ACL definitions may only be edited via the client application.
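
The evaluation rules above (an empty ACL is open to every authenticated user, a non-empty ACL matches on user or group, and an edit may not lock out the current user) can be modelled as follows. This is an added example, not the Downloader service's own code; `Principal`, `Acl`, `apply_acl_change` and `who_loses_access` are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """An authenticated user and its group memberships (hypothetical model)."""
    user: str
    groups: frozenset = frozenset()


@dataclass
class Acl:
    """A simple ACL holding user names and group names (hypothetical model)."""
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)

    def permits(self, who: Principal) -> bool:
        # An empty ACL grants permission to all authenticated users.
        if not self.users and not self.groups:
            return True
        # Otherwise the user, or one of the user's groups, must be listed.
        return who.user in self.users or bool(self.groups & who.groups)


def apply_acl_change(current: Acl, proposed: Acl, editor: Principal) -> Acl:
    """Return the ACL to store, refusing an edit that locks the editor out."""
    # Assumption: the lockout rule compares access before and after the edit.
    if current.permits(editor) and not proposed.permits(editor):
        raise PermissionError("change would remove access for the current user")
    return proposed


def who_loses_access(current: Acl, proposed: Acl, principals) -> list:
    """List users permitted by the current ACL but not by the proposed one."""
    return [p.user for p in principals
            if current.permits(p) and not proposed.permits(p)]
```

Adding the first entry to an empty ACL switches it from open to restricted, so `who_loses_access` is worth running against the known accounts before such an edit; the lockout rule only protects the user making the change.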