Apigeex - access to only specific environment for ...

raghubtechit · 02-10-2022 05:39 AM

We provided Apigee API Admin access for our APIProxy development team but looks like it has been deprecated recently. Our requirement is to provide complete access to one single environment in an org for development team to perform develop, deploy, create, update, delete api proxies, shared flows, create target servers, look at debug or analytics & everything specific to that environment. Also if possible we need to provide access to creation of products, apps & developers for that environment. Do we need to create an custom role for this type of access & if yes, could you please provide the list of roles? Does ApigeeEnvironmentAdmin help in this case or do we need to add more rules for it to support creation of of products, apps & developers?

dknezic

Some of the entities mentioned exist at the organization scope, not an environment scope. (API Proxies, Shared Flows, Products, Apps, Developers). This means currently anyone (with the appropriate permission) can create/develop any API proxies as they're not associated with an environment, however you can use RBAC to restrict users to deploy/debug per specific environment/s. If you create a custom role with environment specific permissions, you can then use the Management API to assign this custom role to your users on the required environments.

This article also discusses the approach further

raghubtechit

We figured out the below customized role (apigeex org admin customized) with permission to be provided at the organization level and would be providing environment admin default role to the environment using the apigeecli utility. Please let us know whether this will fulfill our requirement.

apigee org admin customized

apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update
apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update
apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage
apigee.apps.get
apigee.apps.list
apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update
apigee.developerapps.create
apigee.developerapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage
apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update
apigee.developerbalances.adjust
apigee.developerbalances.get
apigee.developerbalances.update
apigee.developermonetizationconfigs.get
apigee.developermonetizationconfigs.update
apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update
apigee.developersubscriptions.create
apigee.developersubscriptions.get
apigee.developersubscriptions.list
apigee.developersubscriptions.update
apigee.exports.create
apigee.exports.get
apigee.exports.list
apigee.proxies.create
apigee.proxies.delete
apigee.proxies.update
apigee.proxyrevisions.delete
apigee.proxyrevisions.update
apigee.queries.create
apigee.queries.get
apigee.queries.list
apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update
apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.update
apigee.sharedflows.create
apigee.sharedflows.delete

Apigeex - access to only specific environment for APIProxy developers