Enhanced Security & Control with SeaLights Tokens
SeaLights has implemented significant enhancements to token access and management, providing greater control and security for our users. These changes primarily focus on refining access permissions for different token types.
Browser extension tokens are now user-based, meaning they are linked to the user who created them and inherit the creator's group access at the time of use. This ensures that these tokens grant access only to applications within the creator's current groups.
Furthermore, if the token creator is deactivated or deleted, the associated extension token is automatically deactivated or deleted.
Legacy extension tokens, which previously had global access, are now visible only to Admin/DevOps users, and the copy, download, and refresh actions are disabled for them.
For API and Agent tokens, access is now group-based. These tokens are linked to specific groups, granting access to applications within those groups.
DevOps users (and also Admin users, in the case of API tokens) can now view only the tokens associated with groups they have access to.
Legacy API and Agent tokens retain global access and remain visible to all DevOps users (and also Admin users, in the case of API tokens). New tokens with global access can be created only by Admin/DevOps users who hold the User & Permissions management permission, and only those users can view them.
Copying, downloading, or refreshing a token is disabled unless the user is assigned to all of the groups associated with that token.
To enhance security and prevent accidental disruption of CI/CD pipelines, tokens can now be disabled and re-enabled, and a token can be deleted only after it has been disabled. Groups can be added to a token, but they cannot be removed.
Finally, creating a token does not grant its creator perpetual access to it. The creator can view and manage a token only as long as their assigned groups align with the groups the token has access to, which keeps control of the token tied to current group membership rather than to the act of creating it.
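The rules above form a small authorization model: extension tokens resolve their reach through the creator's current groups at time of use, API/Agent tokens are linked to fixed groups, visibility needs group overlap while copy/download/refresh needs membership in every linked group, and deletion is a two-step action. The following Python model is an added illustration of that logic written for this page; it is not SeaLights code or its API. The role names ("admin", "devops", "user"), the `manages_users` flag standing in for the User & Permissions management permission, the rule that a non-legacy extension token is visible to its creator, and the reading of "associated with the groups they have access to" as at-least-one-shared-group are assumptions, as is the sample data.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Kind(Enum):
    EXTENSION = auto()
    API = auto()
    AGENT = auto()


class State(Enum):
    ACTIVE = auto()
    DISABLED = auto()
    DELETED = auto()


class NotSupported(Exception):
    """Operation the token model forbids (delete before disable, group removal)."""


@dataclass
class User:
    name: str
    groups: frozenset            # groups the user currently belongs to
    role: str = "user"           # "admin", "devops" or "user" (assumed role names)
    active: bool = True
    manages_users: bool = False  # stands in for "User & Permissions management"


@dataclass
class Token:
    kind: Kind
    groups: frozenset = frozenset()  # API/Agent: groups the token is linked to
    creator: str = ""                # extension tokens: user who created it
    global_access: bool = False
    legacy: bool = False
    state: State = State.ACTIVE


def grants_access(token, group, users):
    """Does the token reach applications in `group` right now (time of use)?"""
    if token.state is not State.ACTIVE:
        return False
    if token.kind is Kind.EXTENSION and not token.legacy:
        creator = users.get(token.creator)
        # Inherit the creator's *current* groups; a deactivated or deleted
        # creator takes the token down with it.
        return creator is not None and creator.active and group in creator.groups
    return token.global_access or group in token.groups


def can_view(user, token):
    if token.state is State.DELETED or not user.active:
        return False
    if token.kind is Kind.EXTENSION:
        if token.legacy:
            return user.role in ("admin", "devops")
        return user.name == token.creator  # assumption: creator sees own token
    # API tokens: Admin or DevOps; Agent tokens: DevOps only.
    allowed = ("admin", "devops") if token.kind is Kind.API else ("devops",)
    if user.role not in allowed:
        return False
    if token.global_access:
        return token.legacy or user.manages_users
    # Assumption: visibility needs at least one shared group. A creator whose
    # groups drift away from the token's groups loses visibility as well.
    return bool(user.groups & token.groups)


def can_copy_download_refresh(user, token):
    if not can_view(user, token):
        return False
    if token.kind is Kind.EXTENSION:
        return not token.legacy          # legacy extension tokens: actions disabled
    if token.global_access:
        return True
    return token.groups <= user.groups   # must be assigned to ALL linked groups


def disable(token):
    if token.state is State.ACTIVE:
        token.state = State.DISABLED


def enable(token):
    if token.state is State.DISABLED:
        token.state = State.ACTIVE


def delete(token):
    # Two-step deletion: a live CI/CD token cannot vanish in one click.
    if token.state is not State.DISABLED:
        raise NotSupported("disable the token before deleting it")
    token.state = State.DELETED


def add_group(token, group):
    token.groups = token.groups | {group}


def remove_group(token, group):
    raise NotSupported("removing a group from a token is not supported")


# Constructed sample data (not from the page): two DevOps users and one admin.
USERS = {
    "alice": User("alice", frozenset({"payments", "web"}), role="devops"),
    "bob": User("bob", frozenset({"web"}), role="devops"),
    "carol": User("carol", frozenset(), role="admin", manages_users=True),
}
API_TOKEN = Token(Kind.API, groups=frozenset({"payments", "web"}))
EXT_TOKEN = Token(Kind.EXTENSION, creator="alice")
```

With this data, bob can see `API_TOKEN` (he shares the `web` group) but cannot copy or refresh it, because he is not in `payments`; once a third group is added to the token, even alice loses copy rights until she is assigned to it. Deactivating alice silently drops everything `EXT_TOKEN` could reach, which is the behaviour a reviewer should expect from a user-based token.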