User Access Control on Apigee X UI for RBAC

samirj · 12-31-2021 03:29 AM

Hi,

APIGEE X UI has option to grant users access at Environment Level at Admin > Access > Grant Access

What I see here is only 4 roles are getting displayed in the dropdown. But there are many other possible roles available for more granular access control.

Why are only 4 roles getting displayed here ? Is there any way we can have all the possible role available in this dropdown ?

I also read a post from @shuklaankur on usage of apigeecli , is there any other alternative to achieve RBAC from UI ?

@DChiesa

Former Community Member

You can set custom roles (that are more fine grained) at the environment level. However, you cannot set it through the UI. The UI will only show those 4 built-in roles. If you do set a custom role (via cURL or other methods), the UI will show custom roles.

samirj

@Former Community Member Thank you for the reply.

I did set a custom role, however the assignment of custom role can't be changed from APIGEE UI either. So I believe I have to rely on apigeecli or similar tools to manage the user access to roles apart from the ones we get in the dropdown.

I was wondering why only 4 roles are allowed from UI and is there any plan to allow more granular access control on UI itself ?

Former Community Member

Every GCP project comes with approx. 950 custom roles. There is no way for Apigee to distinguish between roles that contain Apigee permissions and those that do not. The user experience to show a list of ~950 roles is not optimal.

But this feedback is important and useful. We should offer the ability to add a free form role (in any case server side validation is done to check the role exists). I will create an internal feature request for this.