Solved: Is Non Admin user allowed to create proxy using ap...

LinkedIn · 09-05-2017 07:12 AM

Hi,

I am able to create proxy using the below management apis and I am admin user, but when I tried with a non-admin user, I got Unauthorized error, by the way the non admin user is able to create the proxy etc from the apigee edge portal.

Wanted to know if an non admin user can create a proxy using the below Management Apis:

http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/apis

http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/apis-0

Thanks in Advance,

Sambit.

llynch

Hi @Sreenivas Sadhu Prabhakara,

I just tested this with a custom role (and also using the Business User role). I defined a custom role using the information you provided, and did not have the Create (aka PUT) permission for API proxies set. As expected, I am not able to create an API proxy using either the UI or API. So it's working as expected on my end. But that doesn't explain the behavior you are seeing. I'm perplexed.

But to answer your original question, you can define a custom role that allows user to perform specific functions. (User built-in role also allows proxy creation.) That is, you don't HAVE to be an organization administrator to create an API proxy if you have the right OOTB/custom role assigned.

HTH,

Liz

View solution in original post

anilsr

@sambitrathap What do you mean "non admin" user in edge UI ? Which user role exactly ? I am not aware of any oob role called "non admin".

LinkedIn

Hi Anil,

By non-admin user, I meant, users who are not part of the "Organization Administrator" role.

The user is able to create proxy using the portal, but is not able to create proxy using the management Api.

llynch

Hi @sambitrathap,

The following documentation sections may be helpful to review:

Though, it is interesting that the behavior of the UI and API are inconsistent. Can you share what roles/operations are enabled for the non-admin user? I'd like to test it.

Thanks!

Liz

sreenivas_sp

hi @Liz Lynch,

It is possible to create api proxies in EDGE UI without Admin permissions.

However, based on ones role set up , one would be able to -- not-view / view / edit / trace on any proxy not created by the same user.

hope this helps.

llynch

Hi @Sreenivas Sadhu Prabhakara,

I just tested this with a custom role (and also using the Business User role). I defined a custom role using the information you provided, and did not have the Create (aka PUT) permission for API proxies set. As expected, I am not able to create an API proxy using either the UI or API. So it's working as expected on my end. But that doesn't explain the behavior you are seeing. I'm perplexed.

But to answer your original question, you can define a custom role that allows user to perform specific functions. (User built-in role also allows proxy creation.) That is, you don't HAVE to be an organization administrator to create an API proxy if you have the right OOTB/custom role assigned.

HTH,

Liz

LinkedIn

I will get back to you, after getting the details from the end user, in the mean time I had included that user in the organization administrator role, but still she is not able to create API proxy using the management APIs.

Is Non Admin user allowed to create proxy using apigee management api ?