API Authorization based on caller - v8.0

Hello Experts

We have a scenario where we have an endpoint exposed which does something simple - let's say in this case it creates an ADSGroup object using a PUT/POST request.

What we require is to restrict the permissions based on the service account of the caller. For this example, we can assume service accounts are windows accounts.

For instance, if service account svc_a calls this API, it can only create groups in domains A and B; if service account svc_b calls this endpoint, it can only create groups in domains C and D.

I know that Permission groups allow us a granular level of control, and we can easily create two permission groups in the backend to support the above scenario. If using permission groups, I assume we would also need 2 Person objects, one for svc_a and one for svc_b, but I don't know how the product would be able to map a call from svc_a to the Person corresponding to svc_a.

Alternatively, is there some other way to achieve the same? We would like to utilise as much OOTB functionality as possible.

Thanks

Kin
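As an added illustration of the caller-based check the question describes (this is example code, not the product's API and not part of the original post), the following sketches a deny-by-default policy that maps the authenticated Windows service account to the set of domains it may create groups in, and enforces it before the handler touches the directory. The policy table, the domain names, the UPN-suffix map and the `CreateGroupRequest` shape are all constructed assumptions; the only product-independent points are that the caller identity must come from the authentication layer (never from the request body), that principals are normalised before lookup so `corp\SVC_A` and `svc_a@corp.example.com` hit the same entry, and that anything not explicitly mapped is denied.

```python
"""Deny-by-default, caller-based authorization for a 'create group' endpoint.

Added example, not from any product. The caller's Windows identity is assumed
to have been established by the web server (Kerberos/NTLM) before the handler
runs; this code only decides whether that identity may create a group in the
requested domain.
"""
from dataclasses import dataclass

# Constructed policy: which service account may create groups in which domains.
# Keys are normalised down-level logon names, values are domain DNS names
# (lower-case, no trailing dot). Anything not listed here is denied.
POLICY = {
    "CORP\\svc_a": {"a.example.com", "b.example.com"},
    "CORP\\svc_b": {"c.example.com", "d.example.com"},
}

# Constructed mapping from UPN suffix to NetBIOS domain, so a caller presented
# as 'svc_a@corp.example.com' resolves to the same policy entry as 'CORP\svc_a'.
UPN_SUFFIX_TO_NETBIOS = {"corp.example.com": "CORP"}


class AuthorizationError(Exception):
    """Raised when the caller is not permitted to perform the request."""


def normalize_principal(identity: str) -> str:
    """Return 'NETBIOS\\user' (domain upper, user lower) for either
    'DOMAIN\\user' or 'user@upn.suffix'. Unknown forms are rejected rather
    than guessed, so a malformed identity can never match a policy entry."""
    identity = identity.strip()
    if "\\" in identity:
        domain, _, user = identity.partition("\\")
    elif "@" in identity:
        user, _, suffix = identity.partition("@")
        domain = UPN_SUFFIX_TO_NETBIOS.get(suffix.lower())
        if domain is None:
            raise AuthorizationError(f"unknown UPN suffix: {suffix}")
    else:
        raise AuthorizationError("identity must be DOMAIN\\user or user@domain")
    if not domain or not user:
        raise AuthorizationError(f"malformed identity: {identity!r}")
    return f"{domain.upper()}\\{user.lower()}"


@dataclass(frozen=True)
class CreateGroupRequest:
    caller: str          # authenticated identity supplied by the auth layer
    target_domain: str   # domain the new group would be created in
    group_name: str


def authorize_create_group(req: CreateGroupRequest) -> str:
    """Raise AuthorizationError unless the caller may create groups in
    req.target_domain; return the normalised principal for audit logging."""
    principal = normalize_principal(req.caller)
    allowed = POLICY.get(principal)
    if allowed is None:
        raise AuthorizationError(f"{principal} is not mapped to any permission set")
    domain = req.target_domain.strip().lower().rstrip(".")
    if domain not in allowed:
        raise AuthorizationError(f"{principal} may not create groups in {domain}")
    return principal


def is_authorized(caller: str, target_domain: str) -> bool:
    """Convenience wrapper: True if the check passes, False on any denial."""
    try:
        authorize_create_group(CreateGroupRequest(caller, target_domain, "g"))
        return True
    except AuthorizationError:
        return False


def handle_create_group(req: CreateGroupRequest) -> dict:
    """Handler skeleton: authorise first, only then perform the side effect.
    The directory write is stubbed with a dict so the example runs offline."""
    principal = authorize_create_group(req)
    # In a real handler the directory call would go here; record who did it.
    return {
        "created": req.group_name,
        "domain": req.target_domain.strip().lower().rstrip("."),
        "by": principal,
    }


if __name__ == "__main__":
    print(handle_create_group(CreateGroupRequest("CORP\\svc_a", "A.example.com", "g1")))
    print(is_authorized("CORP\\svc_a", "c.example.com"))
```

Whether the product exposes a hook where this decision can be made (for instance by resolving the authenticated account to a Person and then to its permission group) is exactly the open question in the post; the example only shows the shape of the check that hook would need to perform.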