This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Custom Role - Users should only be able to view the APIs created by them

Posted on 07-01-2020 04:57 AM
apurvaseth
New Member
Reply posted on --/--/---- --:-- AM

Hi All,

I am working on a POC related to RBAC in APIGEE.

My requirement is not met by the built-in roles and thus I need to create a custom role.

I want to create a custom role which meets the following requirement:

If I am a user, I should be able to create an API and view/modify/delete my API. I should not be able to view any other API which is not created by me.

Another user who is assigned the same custom role should only be able to view/modify/delete his API. The user should not be able to view/modify/delete my API.

Is this feasible by creating a custom role?

FYI, I tried creating custom roles in SaaS and I am unable to achieve this. I am able to view/modify/delete all the APIs created by me as well as other users in the same role.

0 8 134
Topic Labels
0 Likes
8 REPLIES 8

Posted on --/--/---- --:-- AM
ken-miller
New Member
Reply posted on --/--/---- --:-- AM

Each user will need their own custom role. When the user creates the proxy, the proxy will be associated with the custom role and anyone who has been assigned to the role will have permissions to access the proxy

0 Likes

Posted on --/--/---- --:-- AM
apurvaseth
New Member
In response to ken-miller
Reply posted on --/--/---- --:-- AM

Thanks for the quick response Ken.

I do understand this is one solution but I will have 1000s of users. Considering the number of users, I do not think this is a good approach.

Is there any other alternative?

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to apurvaseth
Reply posted on --/--/---- --:-- AM

None as far as I know. Not currently.

Posted on --/--/---- --:-- AM
apurvaseth
New Member
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Thanks Dino.

Please let me know in case you come across any other alternative.

0 Likes

Posted on --/--/---- --:-- AM
amrutachandankh
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Yes,This can be done.Please give permissions shown in below screen shot.

0 Likes

Posted on --/--/---- --:-- AM
amrutachandankh
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

role-permissions.png

0 Likes

Posted on --/--/---- --:-- AM
apurvaseth
New Member
In response to amrutachandankh
Reply posted on --/--/---- --:-- AM

Thanks for the response Amruta.

This will not work for multiple users assigned with the same custom role.

I tried this as below:

I have created an API and I am a part of custom role A.

Another user who is also a part of custom role A, can anytime login and modify/delete the API created by me.

0 Likes

Posted on --/--/---- --:-- AM
amrutachandankh
Bronze 3
Bronze 3
In response to apurvaseth
Reply posted on --/--/---- --:-- AM

Yes,users in same role will be able to view all the proxies.Hence you can create roles based on providers.And add only users who want to access the proxies for that providers.

0 Likes