Commit

Update least-privilege-principle-no-super-user-joomla-webservices.md
alexandreelise authored Feb 5, 2024
1 parent e7dcf76 commit 807672f
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -8,7 +8,7 @@ We could instead follow this procedure to give the least permissions possible:
3. Configure user token plugin and add **Web Service** Usergroup.
4. Configure **Web Service** Usergroup with **Api Login** permission.
5. And for additional permissions, to mimic a RBAC (Role Based Access Control) system with Joomla, you can provide each additional permissions associated with a single group added to each user for whom we want to add this permission.(This was extensively shown in Randy CAREY talk at JWC 16 Joomla World Conference 2016 which is still relevant today https://www.youtube.com/watch?v=7Hy69ltVqzM)
6.

In our example it would be user **api-read-only** in **Web Service** Usergroup and **Registered** Usergroup to be able to login in Frontend and get it's **Joomla Api Token** in their user profile.

As at the moment, as far as I know, there is no way to do it programmaticaly with for example **POST /api/v2/auth/token** API auth route or CLI Console command **user:auth:token** to ask for example for a time-bound fined-grained token.
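
Review bot: Step 6 of the numbered procedure is left as a bare "6." with no text, so the list ends on an empty item; either write the missing step or drop the number. In the paragraph that follows, the **api-read-only** user is also placed in the **Registered** Usergroup so it can log in on the Frontend and read its token, which gives the API account an interactive login on top of **Api Login**. Since the procedure is introduced as giving "the least permissions possible", it should say whether that membership is meant to stay after the token has been copied or be removed again. Smaller wording points in the same lines: "get it's" should be "get its", "programmaticaly" should be "programmatically", "fined-grained" should be "fine-grained", and step 5 needs a space before the opening parenthesis.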
