Hi,
I wanted to grant access to a Custom Role to Create/Update/Delete KVMs for only to given KVM in a given Apigee environment only (like Dev).
Scenario is: Once the Apigee Org Admin creates a KVM and grants the Custom Role the permission to that KVM, the developer (associated to the Custom Role) can then add/update/delete Key/Value pairs in that KVM as he or she needs for their proxy development purposes, without Org Admin becoming the bottleneck; but at the same time, limiting their access to other Apigee environment like Test or Prod.
Is there a way to do that?
I tried the following (by specifying the Environment & KVM in the ResourcePermission); but its not limiting the access to 'test' region as specified for the specified role, developer is able to list key-value pairs in Prod region as well.
curl -u "{Org_Admin_EMailId}:{Org_Admin_Password}" -i -n -k -X POST -H content-type:application/xml -H accept:application/xml "https://api.enterprise.apigee.com/v1/o/{Org_Name}/userroles/{Custom_Role_Name}/permissions" -d '<ResourcePermission path="/environments/test/keyvaluemaps/{KVM_Name}"><Permissions><Permission>get</Permission><Permission>put</Permission><Permission>delete</Permission></Permissions></ResourcePermission>'
Thanks,
Aneesh.
Solved! Go to Solution.
Hi Aneesh,
Your permissions for this custom role allow PUT and DELETE as well as GET to the KVMs in the test region.
But your statement is:
developer is able to list key-value pairs in Prod region as well.
You refer here specifically to listing KVM. a GET operation. That is as expected. I think most users can perform GET on the KVM.
Did you try PUT and DELETE in the prod environment? Results?
Hi Aneesh,
Your permissions for this custom role allow PUT and DELETE as well as GET to the KVMs in the test region.
But your statement is:
developer is able to list key-value pairs in Prod region as well.
You refer here specifically to listing KVM. a GET operation. That is as expected. I think most users can perform GET on the KVM.
Did you try PUT and DELETE in the prod environment? Results?
Thanks Dino. You are right!
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |