I have a question around Role based access control. With what i have read, if RBAC is enabled, the auth token that gets issued to the user will have permission to only the resources that are assigned for access to that user.
Does these permissions get inherited to the API key? If a user fetches an API key using that access token and if the API key is then used for the API calls, will that be restricted the same way as the e token?
Another followup question is is there a way i can just use the API key for access control? i.e if I generate an API key but have specific permissions assigned for that key i.e can just create actions and run actions and then any api call using that key would be just be able to access those resources.
It might be little confusing but what i am looking to accomplish is if i want to expose this as a service to our internal customers, i would not want to create individual users for everyone wanting to do some automation.