Dear Tore, The API Keys created by a user in the LIR Portal are not removed when the user is removed from the registry. Best Regards, Theodoros Polychniatis RIPE NCC On 20/03/2020 11:38, Tore Anderson via db-wg wrote:
* Gunnar Guðvarðarson via db-wg
My main issue with API Keys is them being attached to SSO accounts. What about when the employee leaves the company? He gets removed from auth on the mntner, all the apps he set-up break? Making admins hesitant about removing user access.
API access needs to be bound to the mntner in some form imho. Agreed. Well, one does not need to rule out the other - it ought to be possible to support both personal API keys (bound to an SSO account) and impersonal API keys (bound to an LIR and/or mntner).
For what it is worth, the current API keys implementation *appears* to be impersonal, i.e., my colleague can see the API keys I created and vice versa.
However, we can also see who created the keys in the first place. I did not test to see if all keys created by a specific user account would be removed if that user account is deleted or removed from the LIR account.
Tore