Device token for downloading file


I’m investigating use case when device have to download/upload concrete file from/to Pantaris storage. Base on documentaion, using access token for device is only one suitable approach for that. But such token as I see doesn’t have any protection from downloading all data available at project storage and also have rich access to project REST API. I’d rather expect something like Azure Storage SAS token where only concrete operation allow for user in limited scope. In case of having single token for everything if token is compromised, it would lead to loosing private customer data.

Could you please give me a hint what the workflow is intended for such use case? Are you going to implement SAS tokens mechanism?

Hi @external.evgeny.burm ,

you are right, the permissions can’t be lowered on device tokens and handled as project member. What we plan to introduce at some point, are user defined roles. It might be possible to assign a dedicated role like in service accounts then.

There is no plan to implement a SAS tokens mechanism yet. If you require it, please create a feature request via ticket.