Restrict Product creation to certain Environments.

Hi, we have the following environments

test

dev

uat

production

Can an organization administrator allow developers to create/modify products for certain environments and not higher environments?. Like allowing developers to create and modify products for test & dev environment only and not sit and production?. It's just that our org administrator remove access for us to even create and even view products on all environments. All the while they only need to remove our access to uat & production. Is this how its supposed to be?. It's just that we modify the products alot during testing/development and requesting tickets just to rename or remove certain proxies for lower environments which shouldnt be will take alot time.

Solved Solved
1 3 296
1 ACCEPTED SOLUTION

Hi Joshua,

I think the separation of pre-production and production environments and the control over where products can be created makes sense. To prevent the issue you described I have the following solutions:

1. Split your setup into a production org and a non-production org with different RBACs and have a CI/CD flow to propagate proxies between the environments in the different orgs. You might have to check if this is possible with your current subscription.

2. Use some sort of automation to let developers create products for lower environments in a self-service mode. This could be as simple as a cloud function that only accepts API products for dev/test and then uses the Apigee management APIs to create that product.

3. Create a "all proxies product" which is a product with no API proxies specified and enable it for your dev and test environment. This will allow developers to access all proxies and all paths in these environments.

View solution in original post

3 REPLIES 3

Hi Joshua,

I think the separation of pre-production and production environments and the control over where products can be created makes sense. To prevent the issue you described I have the following solutions:

1. Split your setup into a production org and a non-production org with different RBACs and have a CI/CD flow to propagate proxies between the environments in the different orgs. You might have to check if this is possible with your current subscription.

2. Use some sort of automation to let developers create products for lower environments in a self-service mode. This could be as simple as a cloud function that only accepts API products for dev/test and then uses the Apigee management APIs to create that product.

3. Create a "all proxies product" which is a product with no API proxies specified and enable it for your dev and test environment. This will allow developers to access all proxies and all paths in these environments.

Hi thx for the reply. Can't quite do 1 & 2 as our company is just a vendor of Apigee. We're just supporting and developing for a client in Apigee and they manage apigee and what they'd do with it on the higher levels of configurations like that.

But I think 3 would be a great workaround for now. I will have this ticketed already for change and hopefully approve for ease of use during development, Thanks.

Not applicable

Making restriction on environment is not possible. You can use roles on organisations.