{ "resourcePermission": [ { "organization": "", "path": "/", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/dev/*", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/ci/*", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/qa/*", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/uat/*", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/sandbox/*", "permissions": [ "delete", "get", "put" ] }, { "organization": "", "path": "/environments/test/caches", "permissions": [] }, { "organization": "", "path": "/environments/production/caches", "permissions": [] }, { "organization": "", "path": "/environments/test/keyvaluemaps", "permissions": [] }, { "organization": "", "path": "/environments/production/keyvaluemaps", "permissions": [] }, { "organization": "", "path": "/environments/test/applications/*/revisions/*/debugsessions", "permissions": [] }, { "organization": "", "path": "/environments/production/applications/*/revisions/*/debugsessions", "permissions": [] }, { "organization": "", "path": "/environments/test/applications/*/revisions/*/deployments", "permissions": [] }, { "organization": "", "path": "/environments/production/applications/*/revisions/*/deployments", "permissions": [] } ] }If you notice the "organization" field in your permissions is empty, ideally there would be the org-id for things to work. How did you create the custom role, did you use the UI or the APIs to create the role ? An example of a custom role would be this:
{ "resourcePermission" : [ { "organization" : "apigee-func", "path" : "/", "permissions" : [ "get", "put", "delete" ] }, { "organization" : "apigee-func", "path" : "/environments", "permissions" : [ "get" ] }, { "organization" : "apigee-func", "path" : "/environments/*", "permissions" : [ "get" ] }, { "organization" : "apigee-func", "path" : "/environments/*/virtualhosts", "permissions" : [ "get" ] }, { "organization" : "apigee-func", "path" : "/environments/*/virtualhosts/*", "permissions" : [ "get" ] } ] }Note the organization field is populated. When that field is not populated, your permissions cannot be determined and hence you might be seeing that error.
Hi @jaskaran.rm
I am trying to do the same thing for the environment in the cloud. I am not sure whether you could successfully create the role permission for the environment or not ?
I am sending the following payload and I am getting HTTP 403 for that.
https://api.enterprise.apigee.com/v1/organizations/MY-ORG-NAME/userroles/MY-ROLE-NAME/permissions
{ "organization": "MY-ORG-NAME", "path" : "/environments/*", "permissions" : [ "get" ] }
or even tried the following one:
{ "path" : "/environments/*", "permissions" : [ "get" ] }
For all cases I am getting:
HTTP/1.1 403 ForbiddenConnection: keep-alive Content-Length: 0 Date: Mon, 21 Sep 2015 11:19:30 GMT Server: Apigee Router
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |