This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Can multiple teams within a company using Apigee only see their own sets of APIs through RBAC?

Posted on 12-13-2017 05:11 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hello

We have multiple teams using Apigee Edge. These teams are responsible for their own API proxies and are geographically spread. Ideally, we would like each team to only see API proxies they create in the future to isolate projects and ensure no other team accidentally impacts any other teams API proxies.

We are wondering if RBAC can be used to ensure teams can only see API proxies that they create ?

Any suggestions? Can this be based off an API proxy naming convention whereby RBAC allocates API proxies to teams based on an API proxy naming strategy?

Any ideas welcome. We wouldn't want to associate RBAC always for existing proxies, as it should also cater new future API proxies too.

4 7 579
Topic Labels
7 REPLIES 7

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Any ideas or suggestions for this type of use case? If its not possible currently perhaps this can be a suggestion for a future roadmap item. Thanks!

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

I believe there is a teams capability coming soon in Edge. I don't work for Apigee but that's what I have heard.

0 Likes

Posted on --/--/---- --:-- AM
mattz
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We are also facing the problem with multiple teams working in the same (Apigee) organization and are looking for a solution.

Has anyone good or bad experience with the pattern described above ("API proxy naming convention whereby RBAC allocates API proxies to teams based on an API proxy naming strategy")?

Are there other/better solutions to this problem?

Can we expect full team support in Edge anytime soon?

0 Likes

Posted on --/--/---- --:-- AM
sjm2000
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Does anyone have any updates on this?

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Yes, there are roles for each proxy in old edge UI. One api will be only visible to the users of the role assigned to that api. This is simple and easy.

In new edge UI, in the role only you can add the specific proxies they can see.

0 Likes

Posted on --/--/---- --:-- AM
guycrets
Silver 1
Silver 1
In response to
Reply posted on --/--/---- --:-- AM

What do you mean with "new edge UI"? Do you refer to Apigee Hybrid?

Question about multiple teams within single tenant remains very relevant. But challenging without e.g. support for regex/patterns in authorizations/role-definitions.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

In Apigee roles, you have option to add the proxies. The specific roles can see those APIs only. Other APIs will not be visible to users of that role.

When I said new ege ui, means the newer version of Apigee ui that is available for last couple of Apigee versions.