Hi Benjamin,

Sorry, I could only give the best answer based on the question you asked and details you provided.

Thanks.

I suspect you are running into a bug between a proxy created in nodetool and proper permissions for other users in that role.

Could you please try this test? If you create the bundle via the UI, not using the nodetool, then other users in the same role should be edit the bundle. It's a work-around, but that may be the fastest work-around in the meanwhile.

No need to raise to support just yet-- I'd like to run a few more test on my end. If you have the opportunity and can try the test as I proposed on your end, that will also help expedite a fix.

I tried both with the user role and a custom role, and I had no issue with creating an API with Apigeetool followed by editing the proxy with another user in that same role. I think you meant that you also have permissions to EDIT all proxies-- without EDIT permission, I can't deploy using Apigeetool.

Can you confirm the permissions on API proxies? Or even better, can you send a screenshot of the permissions on your custom role so we can replicate?

Got it. I confirmed the behavior you describe. I'll file a bug on our end. If you need urgency on this fix, please open a support ticket and have them reference me (Alex Koo).

@Alex Koo So i just successfully created a proxy w/o edit rights. It did not deploy to the specified environment though. I havnt checked what the stack trace i got back means (not really going to have time to). When I add edit back to "all" this is not a problem anymore. This means that a proxy created is NOT getting assigned the correct permissions. (which I also confirmed!)

This isnt really a good work around because it would allow team 1 to overwrite team 2's proxies. Defeats the purpose of having the different permissions.

This is definately a bug. Should I open a bug report now? As "non critical" as this is - its got a bunch of really technical people here up in arms because they cant do something they would expect to be able to simply...

No disagreement here-- it is a bug with the apigee node tool, not with Edge. I've already filed a bug a while back (APIRT-2121). But please keep in mind that apigeetool is an open source project with very different SLAs than Edge UI.

Hi @Benjamin Goldman

I just want to make sure I understand your concerns. Per your original post, you wrote this:

"Here is the problem: when a permissioned user uses node tool to create a proxy or product their group is NOT granted control over the proxy or product they are creating."

This is the same behavior we are observing, and you stated this is a problem (undesirable behavior). I am agreeing that the node tool's behavior to 'create a proxy that the created user's group is NOT granted control over the proxy or product they are creating' is a bug. This behavior is not observed in Edge.

Are you now saying you think Edge's behavior is incorrect while node tool's behavior is correct?

Hi @Benjamin Goldman, I see that our Support team is helping you with this. We can continue discussions through the Support case if you have further concern.