This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to restrict access to Configurations on APIGEE

Posted on 09-05-2019 07:02 AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

I want to restrict access to Org and Environment configurations on Edge UI.

For example, KVMs, Target Servers, Apps, Caches etc., should not be editable on Edge UI. They should be created/updated using the Maven Config tool using CICD.

Please point me to the setting in the user roles to give READ-ONLY Access to the configurations on the Edge UI.

Thanks in advance!

Solved Solved
0 6 331
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

While using the management apis to can refer below url ,

https://docs.apigee.com/api-platform/system-administration/permissions#key-value-maps-kvms

https://docs.apigee.com/api-platform/system-administration/permissions#target-servers

Sample Curl,

curl -X POST --header "Content-Type: application/json" --header "Authorization: Basic base64encoded" -d "{
 \"resourcePermission\" : [ 
   {
    \"path\" : \"/environments/*/targetservers\",
    \"permissions\" : [ \"get\"]
   }, 
   {
    \"path\" : \"/environments/*/targetservers/*\",
    \"permissions\" : [ \"get\"]
   }, 
   {
    \"path\" : \"/keyvaluemaps/*\",
    \"permissions\" : [ \"get\"]
   }
  ]
}" "https://api.enterprise.apigee.com/v1/organizations/{org-eval}/userroles/{role}/resourcepermissions"

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

You can create Custom roles in Edge and add only View operation for all the required componenets.

https://docs.apigee.com/api-platform/system-administration/creating-custom-roles

https://docs.apigee.com/api-platform/system-administration/creating-custom-roles#usingthemanagementu...

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
In response to sidd-harth
Reply posted on --/--/---- --:-- AM

Hi Sid,

Thank you for a quick response.

Proxy creation/updation on Edge UI is OK. I could not find a way to restrict access to KVMs, Target Servers.

Is that setting within another setting?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

I guess you can use the management apis,

https://apidocs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/userroles/%7Brole_name%...

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

While using the management apis to can refer below url ,

https://docs.apigee.com/api-platform/system-administration/permissions#key-value-maps-kvms

https://docs.apigee.com/api-platform/system-administration/permissions#target-servers

Sample Curl,

curl -X POST --header "Content-Type: application/json" --header "Authorization: Basic base64encoded" -d "{
 \"resourcePermission\" : [ 
   {
    \"path\" : \"/environments/*/targetservers\",
    \"permissions\" : [ \"get\"]
   }, 
   {
    \"path\" : \"/environments/*/targetservers/*\",
    \"permissions\" : [ \"get\"]
   }, 
   {
    \"path\" : \"/keyvaluemaps/*\",
    \"permissions\" : [ \"get\"]
   }
  ]
}" "https://api.enterprise.apigee.com/v1/organizations/{org-eval}/userroles/{role}/resourcepermissions"
Jump to Solution

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
In response to sidd-harth
Reply posted on --/--/---- --:-- AM

Will try this and see if that adds the restrictions. Thank you!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
babuk0930
New Member
Reply posted on --/--/---- --:-- AM

Maneesh,

I dont think you can restrict the access saying that keyvalue maps cannot be editable via edgeui but can be created thru cicd pipeline. I guess we cannot do two different operations on same component.

Currently there is no resource restriction for edge ui.

Restriction is for all types whether thru edgeui/cicd/maven. It is specific to userid not the way he access apigee.

@Siddharth Barahalikar, correct me if i'm wrong

Jump to Solution
0 Likes