hybrid - missing fine-grained role assignments (scoped to proxy)

With OPDK, platform administrators could explicitly grant permissions to specific proxies - "proxy1", "proxy2", etc. This would allow for tight controls on who is allowed to modify or trace the proxy.

For instance, we have a shared "authentication proxy", which only CIAM/Identity developers have access to. No other users should access it.

Questions

* "Environment access" seems to grant higher-level roles - all or nothing. See image. It doesn't have the ability to differentiate between proxy and API product.

* GCP IAM does not provide/allow for fine-grained restrictions from the UI.

* Has anyone tried to create a specific policy at the resource level (product, proxy or entitlement)?

apigeeroles_hybrid.png

1 REPLY 1

In hybrid the capability is there, but it's available differently. You should be able to do this in X or hybrid with Conditional IAM.

Read about it here: https://cloud.google.com/apigee/docs/api-platform/system-administration/add-iam-conditions

Let me know if this satisfies your requirement.
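
A sketch of a proxy-scoped conditional binding of the kind the linked page describes, added here as an example and not code from this thread or from Google's documentation. The org name, group, role choice and the `organizations/<org>/apis/<proxy>` resource-name form are assumptions to confirm against that page.

```python
import json
import re

SAFE = re.compile(r"^[A-Za-z0-9._-]+$")  # conservative charset (assumption)

def proxy_condition(org: str, proxy: str) -> str:
    """CEL expression matching one proxy and its children (revisions etc.)."""
    if not (SAFE.match(org) and SAFE.match(proxy)):
        raise ValueError("unexpected characters in org or proxy name")
    base = f"organizations/{org}/apis/{proxy}"
    # Exact name OR anything under "base/". A bare startsWith(base) would
    # also match sibling proxies such as "<proxy>-v2".
    return f'resource.name == "{base}" || resource.name.startsWith("{base}/")'

def conditional_binding(org, proxy, role, members):
    """IAM policy binding; a policy with conditions must be version 3."""
    return {
        "role": role,
        "members": sorted(members),
        "condition": {
            "title": f"only-{proxy}",
            "description": f"Limit {role} to proxy {proxy}",
            "expression": proxy_condition(org, proxy),
        },
    }

def covered(org: str, proxy: str, resource_name: str) -> bool:
    """Plain-string mirror of the expression, for reviewing scope.
    This is not a CEL evaluator."""
    base = f"organizations/{org}/apis/{proxy}"
    return resource_name == base or resource_name.startswith(base + "/")

# Constructed sample values (assumptions, not from the original thread).
ORG, PROXY = "example-org", "authentication-proxy"
BINDING = conditional_binding(ORG, PROXY, "roles/apigee.apiAdminV2",
                              ["group:ciam-devs@example.com"])
SAMPLES = [
    f"organizations/{ORG}/apis/{PROXY}",
    f"organizations/{ORG}/apis/{PROXY}/revisions/3",
    f"organizations/{ORG}/apis/{PROXY}-v2",   # sibling with same prefix
    f"organizations/{ORG}/apis/orders",
]

if __name__ == "__main__":
    print(json.dumps(BINDING, indent=2))
    for name in SAMPLES:
        print("covered" if covered(ORG, PROXY, name) else "not covered", name)
```

The printed binding goes into the `bindings` list of the project's IAM policy. Any unconditional binding that grants the same members a broader Apigee role still applies, so review those alongside it.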