Sprites Access Check Fails

I created a sprite. The user belongs to only one org (with sprites enabled). If I try to visit that URL sprite info with that user, I see this page telling me that I’m not a member of the organization when it’s the only organization I am a member of.

We are currently limiting these logins to only users with the admin role. I’m looking into if/how we might change that to allow for any member of the org.

I can see that the user which failed for you has the member role but that it worked for your admin user.

Could you share how you’d like to use this such that member users would be logging in? That might help us find a better solution.

Access Control / Sharing without putting stuff on the public internet.

I want to share sprite content with my team without making every one of them an admin.

(I am OP – I think I posted that one from a testing account email).

But I have to say, it’s truly baffling that I cannot access my own sprite privately.

Your original post mentioned just the HTTP URL. Were you also wanting to share sprite access more broadly, say to the console or to CLI commands?

I’m not sure I follow. You can do this when you are logged in as your admin role user.

There is value to me to be able to publish HTTP services that only I and the members of my organization can see. In this case, fly credentials are serving as a cheap authorization layer to view the HTTP service.

I think this should be true regardless of who creates the service. So, as a member of an organization, if I create a service with the private HTTP service, I would expect to be able to see it myself. Not only make it for the admins of the service to see.

The screen above literally says:

“This sprite is only available to members of it’s organization.”

What you are telling me is it should say:

“This sprite is only available to admins in this organization”

?

I understand now. Thanks for explaining it further. That language is confusing.

As to what it should say, “members” vs “admins” is confusing on that screen. We can tighten that up.

We were thinking we could have a flag/option on the sprite url auth that lets you determine if the HTTP should be limited to admins (what it does today) or be available to all members of the organization. So, you could set that for each sprite via the CLI in the same command where today you make a url public or make it authed.