
Get answers, ideas, and support from the Apigee Community

Question by AMAR DEVEGOWDA · Dec 17, 2015 at 09:05 AM · 165 Views analyticsuserrole

Why is a Custom role user without any permissions able to run Analytics API for the org?

I have created a custom role called "Inactive account" for my org wherein all the permissions are disabled. I have added a user for this custom role (let's call it "InactiveUser1"). However, when I run the following analytics API call with this "InactiveUser1", I am getting 200 OK and also get the response payload.

curl -v 'https://api.enterprise.apigee.com/v1/organizations/adevegowda/environments/test/stats/apiproxy?select=sum%28message_count%29&sort=DESC&sortby=sum%28message_count%29&timeRange=12%2F10%2F2015+11:01:00~12%2F10%2F2015+12:01:00'

I was expecting that I should get 401 Unauthorized.

Can you please look into this and let me know if this is expected behaviour or not?


2 Answers

Best Answer

Answer by coverbeck · Dec 17, 2015 at 05:50 PM

The Edge UI surfaces a subset of all possible RBAC permissions and lets you set up simplified roles that are intended to be used in the UI. The UI currently does not surface Analytics permissions, so it gives custom roles GET permissions for Analytics calls.

The UI should probably let the user do a raw edit of RBAC permissions, and that feature is under consideration.

In the meantime, you should update the role's permissions with the Management API directly to remove the GET permissions on the Analytics' paths.

See this link.

Comment by AMAR DEVEGOWDA ♦ · Dec 18, 2015 at 12:05 PM

@coverbeck,

Thanks for your suggestion, it helped.


Answer by AMAR DEVEGOWDA · Dec 18, 2015 at 12:21 PM

As suggested by Charles above, I updated the "Inactive account" role to remove all permissions for the Analytics API, as shown below, using the API at Add/Update Permissions:

{
    "path": "/environments/test/stats/*",
    "permissions": []
}

After this, if I use the "Inactive account" user, I get the error below, as expected:

HTTP/1.1 403 Forbidden

If we want to remove the permissions across all the environments for Analytics API, then we can do it as follows:

{
    "path": "/environments/*/stats/*",
    "permissions": []
}
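
The fix described in this answer, scripted with a verification step, as an added example that is not part of the original thread: it posts the all-environments deny entry to the role, then calls the stats API as the restricted user and fails unless every environment answers 401/403 instead of 200. The permissions endpoint path, the netrc credential files and all function names are assumptions not shown on the page.

```shell
# Added example, not from the thread. Assumptions: the userroles/.../permissions
# endpoint path, netrc files for credentials, and every function name below.
API="https://api.enterprise.apigee.com/v1/organizations"

# JSON body that strips every permission from a path (same shape as the answer's payload).
deny_payload() {
  printf '{"path": "%s", "permissions": []}' "$1"
}

# POST the deny entry for analytics in all environments, authenticated as an org admin.
# $1=org  $2=role name  $3=admin netrc file (keeps the password out of the process list)
apply_deny() {
  enc=$(printf '%s' "$2" | sed 's/ /%20/g')   # role names such as "Inactive account" contain spaces
  curl -sS -f --netrc-file "$3" -X POST -H 'Content-Type: application/json' \
    -d "$(deny_payload '/environments/*/stats/*')" \
    "$API/$1/userroles/$enc/permissions"
}

# Map the HTTP status of a stats call to a verdict.
classify_status() {
  case "$1" in
    401|403) echo denied ;;
    2??)     echo exposed ;;
    *)       echo "unknown($1)" ;;
  esac
}

# Call the stats API as the restricted user and report the verdict.
# $1=org  $2=env  $3=restricted user's netrc file  $4=URL-encoded timeRange
check_env() {
  code=$(curl -sS -o /dev/null -w '%{http_code}' --netrc-file "$3" \
    "$API/$1/environments/$2/stats/apiproxy?select=sum%28message_count%29&timeRange=$4")
  classify_status "$code"
}

# Usage: script ORG ROLE ADMIN_NETRC USER_NETRC TIMERANGE ENV...
if [ "$#" -ge 6 ]; then
  org=$1; role=$2; admin=$3; user=$4; range=$5; shift 5
  apply_deny "$org" "$role" "$admin" >/dev/null || exit 1
  rc=0
  for env in "$@"; do
    verdict=$(check_env "$org" "$env" "$user" "$range")
    echo "$env: $verdict"
    [ "$verdict" = denied ] || rc=1
  done
  exit "$rc"
fi
```

Run it once per custom role; a non-zero exit means at least one environment still returns analytics data to the restricted user.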
© 2019 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub