Hi,
i originally posted to the german forums, but sadly nobody answered so i hope somebody can help me here. Here’s the link to the original post: Piwik Multiuser - API Key gibt Zugriff auf alle Websites
So, my questen is the following:
I want to give access to my piwik installation (which i use for my own homepage, lets say it is called myself.com) to a friend who wants some webanalytics for his homepage (lets say friends.com, just as an example). I created a new user for him and configured a new Website with the Piwik administrator. In the next stemp i granted access to friends.com for the new user.
just for some experiments i tried configurung a testpage to track to myself.com with the auth token from the piwik user who only has access to friends.com and é voila i could track the visits. But why?
Is it normal, that piwik can use the auth key from a user to track visits to a website the user doesn’t have access to?
How would resellers solve this problem? I cannot imagine, that a reseller installs a new piwik instance for every customer.
How would i configure usage of one piwik instance for multiple users, who shall not be able to track to webpages they aren’t allowed to administrate?
Hope somebody can help me.
Thank you and greetings
PS: I am using Piwik 2.16.0