Custom Role

Hello,

I am trying to create a new role in Apigee Edge. The desired role should have the same permissions as "organization administrator", excluding a few permissions like managing users and roles. At the same time, the user who has this role should be able to manage virtualhosts, TLS keystores, KVM, etc.

Is this feasible? If so, what are the steps that should be followed in order to do that?

Is there a way to clone the "organization administrator" role?

Kindly advise.

Thanks,

1 REPLY

You can create custom roles like that.

To examine the permissions on a role, you can do something like this:

curl -i -H 'Authorization: ****' \
 -X GET \
 $mgmtserver/v1/o/$ORG/userroles/orgadmin/permissions

The permissions model is hierarchical. The orgadmin has permissions at the root (/), which cascade to every other resource in the organization. You cannot just copy the permissions for orgadmin and then ... remove... some of those permissions.

You need to explicitly grant the more limited set of permissions for the new role. I suggest that you examine the readonly-orgadmin role. And create a new role, adding permissions to follow the pattern for readonlyadmin. In those permissions, allow reads on users and roles, but reads and writes on everything else.

curl -i -H 'Authorization: ***' \
 -X GET \
 $mgmtserver/v1/o/$ORG/userroles/readonlyadmin/permissions
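
The following is an added example, not part of the original reply and not Apigee code: a small offline check that takes a role's permission list and reports whether the role can still modify users or roles. The field names (`resourcePermission`, `path`, `permissions`), the sample resource paths, and the rule that the most specific matching path decides are assumptions; compare them with what the GET calls above return for your organization.

```python
# Added example: audits a role's permission list for write access to user/role
# management. Field names and the "most specific path wins" rule are assumptions.

# Constructed role following the read-only-at-root pattern, with explicit writes.
CUSTOM_ROLE = {"resourcePermission": [
    {"path": "/", "permissions": ["get"]},
    {"path": "/environments/*/keystores", "permissions": ["get", "put", "delete"]},
    {"path": "/environments/*/virtualhosts", "permissions": ["get", "put", "delete"]},
    {"path": "/environments/*/keyvaluemaps", "permissions": ["get", "put", "delete"]},
]}
# Constructed role that grants everything at the root, as the reply describes.
ROOT_GRANT_ROLE = {"resourcePermission": [
    {"path": "/", "permissions": ["get", "put", "delete"]},
]}
# Constructed resources that only a full administrator should be able to change.
PROTECTED = ("/users/someone@example.com", "/userroles/orgadmin",
             "/userroles/orgadmin/permissions")

def _segments(path):
    return [s for s in path.split("/") if s]

def _covers(pattern, path):
    """A pattern covers the path itself and everything beneath it;
    '*' stands for exactly one path segment."""
    p, r = _segments(pattern), _segments(path)
    return len(p) <= len(r) and all(a in ("*", b) for a, b in zip(p, r))

def effective(role, path):
    """Permissions of the most specific entry covering path (empty if none)."""
    best, best_rank = set(), (-1, -1)
    for entry in role["resourcePermission"]:
        if _covers(entry["path"], path):
            segs = _segments(entry["path"])
            rank = (len(segs), sum(s != "*" for s in segs))
            if rank > best_rank:
                best, best_rank = set(entry["permissions"]), rank
    return best

def audit(role, protected=PROTECTED):
    """Return the protected paths the role can still modify."""
    return [p for p in protected if effective(role, p) & {"put", "delete"}]

if __name__ == "__main__":
    for name, role in (("custom", CUSTOM_ROLE), ("root grant", ROOT_GRANT_ROLE)):
        print(name, "can modify:", audit(role) or "nothing protected")
```

To check a real role, save the JSON returned by the permissions call, load it with `json.load`, and pass it to `audit` in place of the constructed samples.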