This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Remove a User that created several APIs, Products and Developer Apps

Posted on 02-21-2017 01:31 PM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

We have a user in our organization that was the creator of several APIs, Products and is the assigned Developer for several apps.

We would like to discontinue that user and remove it from our organization. Is that safe or might it cause problems for the Apps, Products and Developer Apps that user create

1 1 193
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

There are different kinds of "users" in Apigee Edge.

For administrative users - those who interact with Edge via the admin UI or API, any changes they make are permanent and not tied to their identity. There is an audit record that will state that THIS particular user created THIS particular API Product (or proxy, etc) at a particular time, but if the user "goes away" the entities created by that user continue to exist.

When I say "goes away" - that means removed from the "organization administrator" role, or any other role associated to the Edge organization.

This is also true of Developers or Developer Apps that this administrator created, through the Admin UI or API. If today I use the Admin portal to create a developer and a developer app, then tomorrow someone removes me as orgadmin, then that developer still exists and remains valid, and the app assigned to the developer remains valid, and all the credentials (keys) associated to that app remain valid.

ok?

Now, the second group of users are "consumer developers". These are people who are known to Apigee Edge only through the developer portal. When a person of this type registers in the devportal and signs into the developer portal, they can create an app. What's actually happening is the user is asking that the developer portal create an app on their behalf. The app that gets created is owned by the consumer developer, who is identified by the email address of that consumer developer which must be unique within the Edge organization.

If the consumer developer "goes away", what happens to the apps? But in fact it isn't possible to "delete" a developer in Apigee Edge if that developer owns apps. An administrator must first remove all the apps associated to that consumer developer, before deleting the developer entity.

It IS possible to mark the consumer developer "inactive" (or is it "revoked"? I cannot remember just now). What that does is immediately invalidate all credentials associated to any app that is associated to that developer. All the entities (credentials, apps, and the owning developer) continue to exist, but Edge will reject credentials for a developer that has been marked inactive.

The confusing thing is that the same email address can be used for someone who is a consumer developer and an administrator. In other words I can sign into the admin portal with dchiesa@google.com and I can also sign into the developer portal with the same email address.

Despite the common email address, I am filling different roles. Those are distinct identities. Therefore I might be marked as an "inactive" developer but also remain an orgadmin, in the same Edge organization.

Does this all make sense?

0 Likes