Is there a way to control access to shared flows in Apigee Edge via the RBAC configs?

Basically, limit which users can create/modify shared flows in Apigee Edge. Does the API approach work to set these permissions? Has anyone tried and tested it?

1 ACCEPTED SOLUTION

You can create a 'developer' custom role with a select level of access to the system and then add more permissions to it via the management APIs.

Here are the sample permissions I'm using to get the shared flow to work under a custom role (in bold towards the end are the ones you need for the shared flows).

	  {
	    "path" : "/sharedflows/*",
	    "permissions" : [ "delete", "put", "get" ]
	  }, {
	    "path" : "/sharedflows/*/revisions/*",
	    "permissions" : [ "delete", "put", "get" ]
	  }, {
	    "path" : "/sharedflows/*/revisions/*/deploy",
	    "permissions" : [ "delete", "put", "get" ]
	  }, {
	    "path" : "/environments/*/sharedflows/*/revisions/*/deployments",
	    "permissions" : [ "delete", "put", "get" ]  
	  }, {
	    "path" : "/sharedflows",
	    "permissions" : [ "delete", "put", "get" ]  
	  } 

The following would be a sample request to the API to add such permissions:

	curl https://api.enterprise.apigee.com/v1/o/<ORG>/userroles/<CUSTOM_ROLE_NAME>/permissions \
	  -X POST \
	  -H "Content-Type: application/json" \
	  -d '{ "path" : "/sharedflows", "permissions":["delete","put","get"]}'

More details on the API here

3 REPLIES

@Rachel - FYI

Also /environments/*/flowhooks/* for attaching, detaching, and viewing shared flows on flow hooks.

Adding this info to the docs.
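To check which roles can actually modify shared flows once permissions like these are in place, the following added example (not code from the thread or from Apigee) audits role permission lists in the same `path`/`permissions` shape shown above and builds "get"-only bodies for a view-only role. The role names, the sample data and the segment-wise wildcard matching are assumptions; broader grants such as a root path are not resolved here.

```python
import json

# Permission paths named in this thread (shared flows plus flow hooks).
SHARED_FLOW_PATHS = [
    "/sharedflows",
    "/sharedflows/*",
    "/sharedflows/*/revisions/*",
    "/sharedflows/*/revisions/*/deploy",
    "/environments/*/sharedflows/*/revisions/*/deployments",
    "/environments/*/flowhooks/*",
]
WRITE_VERBS = {"put", "delete"}

def matches(granted, target):
    # Assumption: compare segment by segment; "*" in the grant matches one segment.
    g, t = granted.strip("/").split("/"), target.strip("/").split("/")
    return len(g) == len(t) and all(a == "*" or a == b for a, b in zip(g, t))

def write_grants(permissions):
    """Return (path, verbs) for entries that allow put/delete on a shared-flow path."""
    found = []
    for entry in permissions:
        verbs = sorted(WRITE_VERBS & set(entry.get("permissions", [])))
        if verbs and any(matches(entry["path"], p) for p in SHARED_FLOW_PATHS):
            found.append((entry["path"], verbs))
    return found

def read_only_payloads():
    """JSON bodies granting only "get", one per path, for a view-only role."""
    return [json.dumps({"path": p, "permissions": ["get"]}) for p in SHARED_FLOW_PATHS]

def audit(roles):
    """Map each role that can modify shared flows to its offending grants."""
    report = {name: write_grants(perms) for name, perms in roles.items()}
    return {name: grants for name, grants in report.items() if grants}

# Constructed sample data: role names and the portal-ops entries are made up.
ROLES = {
    "sf-developer": [{"path": p, "permissions": ["delete", "put", "get"]}
                     for p in SHARED_FLOW_PATHS[:5]],
    "sf-viewer": [json.loads(body) for body in read_only_payloads()],
    "portal-ops": [{"path": "/apiproducts/*", "permissions": ["put", "get"]},
                   {"path": "/environments/*/flowhooks/*", "permissions": ["put", "get"]}],
}

if __name__ == "__main__":
    for role, grants in audit(ROLES).items():
        for path, verbs in grants:
            print(f"{role}: {', '.join(verbs)} on {path}")
```

The `portal-ops` case shows why the flow-hook path matters: a role with no `/sharedflows` entries at all can still attach or detach shared flows if it holds `put` there.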