This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Not able to define permission for environment level configuration for new Role

Posted on 02-10-2016 09:40 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Dear Team,

I have created a custom role with the permission to view (i.e. GET) on a single API only.

There are few things that I observed: 1. I did not find a way to allow user to give permission for Environment level configuration like KVM or Target Servers. How we can do that?

2. Since we have created a role with view permission on a single API, I am able to access environment level configuration data (KVM or Target Servers) through management APIs. Why is it so? Is there any default permissions that are assigned to every new role created?

3. How can I update the permission for newly created role? More specifically how can I delete the view permission of env. level config. (KVM or Target Servers) for newly created roles? Please suggest with some example for deleting permission on Target Servers (Not able to identify the exact Resource name) for a role.

0 2 375
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

@Vipul Agarwal what you describe above (Points 1 & 2) is the classical divide between the design/development time & the run-time. Custom Roles primarily define what "users" should & shouldn't be able to do with assets such as API proxies, Products, reports etc.

Run-time resources eg: KVM on the other hand are available for multiple APIs/users and are typically accessed by an "API Proxy" vs an "user". You can create environment scoped KVMs, which can be referenced by an API Proxy(ies) that is (are) deployed to a specific environment in which case the KVM is only available in that environment.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

@Prithpal Bhogill:

Hi,

I got your point. But my question is if I create a custom role (lets say CUSTOM_ROLE) and assign it to a user (USER1),now when I go to management API Get Target Server or Get KeyValue Map and enter the credentials of USER1, I can access the details of the target servers or key value map configured in the environment.

I want that any user with CUSTOM_ROLE cannot view any of the target server in my organization through Management API too. How can I do that?

Please let me know if need more clarification.

Thanks.

0 Likes