Comment: ✉️: Definition for each of the permissions associated with APIM components

...

  • admin: The API management provider who hosts and manages the API Gateway and is responsible for creating users in the system, assigning them roles, managing databases, security, etc. The Admin role is also used to access the WSO2 Admin Portal (https://<APIM_Host>:<APIM_Port>/admin), where you can define workflow tasks, throttling policies, analytics configurations, etc. The Admin role is available by default with the credentials admin/admin. By default, this role contains all the permissions (including super admin permissions) in the permission tree.
  • creator: A creator is typically a person in a technical role who understands the technical aspects of the API (interfaces, documentation, versions etc.) and uses the API publisher to provision APIs into the API store. The creator uses the API Store to consult ratings and feedback provided by API users. The creator can create APIs in the API Publisher but cannot manage their lifecycle. Governance permission allows the creator to govern, manage and configure the API artifacts.
  • publisher: A person in a managerial role who oversees a set of APIs across the enterprise and controls the API lifecycle, subscriptions and monetization aspects. The publisher is also interested in usage patterns for APIs and has access to all API statistics.
  • subscriber: A user or an application developer who searches the API store to discover APIs and use them. The subscriber reads the documentation and forums, rates/comments on the APIs, subscribes to APIs, obtains access tokens and invokes the APIs.

...

  1. Log in to the management console (https://<APIM_Host>:<APIM_Port>/admin) as admin (default credentials are admin/admin).
  2. In the Main menu, click Add under Users and Roles.   

  3. Click Add New Role.

  4. Enter the name of the user role (e.g., creator) and click Next.

    Tip: The Domain drop-down list contains all user stores configured in the system. By default, you only have the PRIMARY user store. To configure secondary user stores, see /wiki/spaces/RUTH100/pages/40599585.

  5. The permissions page opens. Select the permissions according to the role that you create. The table below lists the permissions of the creator, publisher and subscriber roles which are available by default:

    Role: admin
      Permissions:
        • All permissions
      UI: [image]
      Allowed Functions:
        • Log in to API Publisher, API Store and Admin Portal
        • All functions available in the API Publisher, API Store and Admin Portal

    Role: creator
      Permissions:
        • Configure > Governance and all underlying permissions
        • Login
        • Manage > API > Create
        • Manage > Resources > Govern and all underlying permissions
      Allowed Functions:
        • Log in to API Publisher
        • Create APIs
        • Edit own APIs
        • View APIs created by others
        • View API Publisher analytics

    Role: publisher
      Permissions:
        • Login
        • Manage > API > Publish
      Allowed Functions:
        • Log in to API Publisher
        • View and publish APIs created by others

    Role: subscriber
      Permissions:
        • Login
        • Manage > API > Subscribe
      Allowed Functions:
        • Log in to API Store
        • Create applications
        • Subscribe to APIs
        • Obtain access tokens and invoke APIs
        • Rate/comment on APIs
        • Create forum topics
        • View API Store analytics
  6. Click Finish once you are done adding permissions.

When a user creates an application and generates application keys, a role is created automatically in the following format.

"Application/<username>_<applicationName>_PRODUCTION"

These roles do not have any permissions assigned to them; they are used to manage the visibility of the corresponding service provider, which is created within the Key Manager in the format '<username>_<applicationName>_PRODUCTION'. The created service provider is visible only to users who hold the automatically generated role. A user can view the details of the service provider created for an application only if a user with admin privileges assigns that role to them.
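
The role table and the application-role visibility rule above can be checked offline against an export of role assignments. The following is an added example, not part of the WSO2 documentation or product code: the export shape (a dict of username to role names), the "/*" shorthand for "and all underlying permissions", the function names and the sample data are all assumptions made for illustration.

```python
# Added example: offline audit of a role export against this page's defaults.
# UI labels come from the table above; the export shape is an assumption.
BASELINE = {  # a trailing "/*" means "and all underlying permissions"
    "creator": ["Configure > Governance/*", "Login", "Manage > API > Create",
                "Manage > Resources > Govern/*"],
    "publisher": ["Login", "Manage > API > Publish"],
    "subscriber": ["Login", "Manage > API > Subscribe"],
}
PREFIX, SUFFIX = "Application/", "_PRODUCTION"

def covered(permission, allowed):
    """True if `permission` matches an allowed entry or sits under a '/*' entry."""
    for entry in allowed:
        root = entry[:-2] if entry.endswith("/*") else None
        if permission == (root or entry) or (root and permission.startswith(root + " > ")):
            return True
    return False

def excess_permissions(role, granted):
    """Permissions granted to a default role beyond what the table lists."""
    return sorted(p for p in granted if not covered(p, BASELINE[role]))

def candidate_owners(role, usernames):
    """Usernames that could own an auto-generated application role."""
    # Usernames and application names may both contain '_', so the role name
    # is matched against known usernames instead of being split on '_'.
    if not (role.startswith(PREFIX) and role.endswith(SUFFIX)):
        return []
    body = role[len(PREFIX):-len(SUFFIX)]
    return sorted(u for u in usernames if body.startswith(u + "_"))

def non_owner_viewers(assignments):
    """Application role -> holders who are not a candidate owner (admin-assigned)."""
    report = {}
    for role in sorted({r for roles in assignments.values() for r in roles}):
        owners = candidate_owners(role, assignments)
        others = sorted(u for u, roles in assignments.items()
                        if role in roles and u not in owners)
        if owners and others:
            report[role] = others
    return report

# Constructed sample data, not taken from a real deployment.
SAMPLE_ASSIGNMENTS = {
    "alice": ["creator", "Application/alice_shop_PRODUCTION"],
    "bob_dev": ["subscriber", "Application/bob_dev_billing_PRODUCTION"],
    "carol": ["subscriber", "Application/alice_shop_PRODUCTION"],
}
```

Running non_owner_viewers over the sample reports carol as a non-owner holder of alice's application role, which is the kind of admin-made assignment worth reviewing periodically.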