With OPDK, platform administrators could explicitly grant permissions to specific proxies - "proxy1" "proxy2" ... etc. This would allow for tight-controls on who is allowed to modify or trace the proxy.
For instance, we have a shared "authentication proxy", which only CIAM/Identity developer have access. No other users should access
Questions
* "Environment access" seems to grant higher-level roles - all or nothing. See image. Doesn't have ability to differentiate between proxy, api product
* GCP-IAM does not provide/allow-for fine-grain restrictions from UI.
* Has anyone tried to create a specific policy at the resource-level ? (product, proxy or entitlement)
In hybrid the capability is there, but it's available differently. You should be able to do this in X or hybrid with Conditional IAM
Read about it here: https://cloud.google.com/apigee/docs/api-platform/system-administration/add-iam-conditions
Let me know if this satisfies your requirement.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |