Hi,
I want to restrict access to Org and Environment configurations on Edge UI.
For example, KVMs, Target Servers, Apps, Caches etc., should not be editable on Edge UI. They should be created/updated using the Maven Config tool using CICD.
Please point me to the setting in the user roles to give READ-ONLY Access to the configurations on the Edge UI.
Thanks in advance!
Solved! Go to Solution.
While using the management apis to can refer below url ,
https://docs.apigee.com/api-platform/system-administration/permissions#key-value-maps-kvms
https://docs.apigee.com/api-platform/system-administration/permissions#target-servers
Sample Curl,
curl -X POST --header "Content-Type: application/json" --header "Authorization: Basic base64encoded" -d "{ \"resourcePermission\" : [ { \"path\" : \"/environments/*/targetservers\", \"permissions\" : [ \"get\"] }, { \"path\" : \"/environments/*/targetservers/*\", \"permissions\" : [ \"get\"] }, { \"path\" : \"/keyvaluemaps/*\", \"permissions\" : [ \"get\"] } ] }" "https://api.enterprise.apigee.com/v1/organizations/{org-eval}/userroles/{role}/resourcepermissions"
You can create Custom roles in Edge and add only View operation for all the required componenets.
https://docs.apigee.com/api-platform/system-administration/creating-custom-roles
Hi Sid,
Thank you for a quick response.
Proxy creation/updation on Edge UI is OK. I could not find a way to restrict access to KVMs, Target Servers.
Is that setting within another setting?
I guess you can use the management apis,
While using the management apis to can refer below url ,
https://docs.apigee.com/api-platform/system-administration/permissions#key-value-maps-kvms
https://docs.apigee.com/api-platform/system-administration/permissions#target-servers
Sample Curl,
curl -X POST --header "Content-Type: application/json" --header "Authorization: Basic base64encoded" -d "{ \"resourcePermission\" : [ { \"path\" : \"/environments/*/targetservers\", \"permissions\" : [ \"get\"] }, { \"path\" : \"/environments/*/targetservers/*\", \"permissions\" : [ \"get\"] }, { \"path\" : \"/keyvaluemaps/*\", \"permissions\" : [ \"get\"] } ] }" "https://api.enterprise.apigee.com/v1/organizations/{org-eval}/userroles/{role}/resourcepermissions"
Will try this and see if that adds the restrictions. Thank you!
Maneesh,
I dont think you can restrict the access saying that keyvalue maps cannot be editable via edgeui but can be created thru cicd pipeline. I guess we cannot do two different operations on same component.
Currently there is no resource restriction for edge ui.
Restriction is for all types whether thru edgeui/cicd/maven. It is specific to userid not the way he access apigee.
@Siddharth Barahalikar, correct me if i'm wrong
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |