Create ACL to modify only the ipset via Rest API

[xkill]

Hi,

Is there any way to create a user/token with access to modify only the ipsets (Rest API: /cluster/firewall/ipset)?

For the moment I only managed it by allowing the user/token to access to whole system creating a role with the permissions: sys.audit and sys.modify

But I only want a user with access to the RestAPI URI /cluster/firewall/ipset, is it possible?

Thanks in advance!

 

[fabian]

no, that's not possible at the moment.

 

[xkill]

Is it on the roadmap? Allow assigning permissions based on the base URI of the RestAPI?, at least for the API tokens?

 

[fabian]

no - our ACL is based on ACL objects/paths which are separate from the API endpoint paths.