Unknown macro: {next_previous_links}
Skip to end of metadata
  • Created by Former user, last modified by Former user on Jan 19, 2018
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Roles contain permissions for users to manage the server. They can be reused and they eliminate the overhead of granting permissions to users individually.

Throughout this documentation, we use the following roles that are typically used in many enterprises. You can also define different user roles depending on your requirements.

  • admin: The API management provider who hosts and manages the API Gateway and is responsible for creating users in the system, assigning them roles, managing databases, security, etc. The Admin role is also used to access the WSO2 Admin Portal (https://<APIM_Host>:<APIM_Port>/admin), where you can define workflow tasks, throttling policies, analytics configurations, etc. The Admin role is available by default with the credentials admin/admin. By default, this role contains all the permissions (including super admin permissions) in the permission tree. 
  • creator: A creator is typically a person in a technical role who understands the technical aspects of the API (interfaces, documentation, versions etc.) and uses the API publisher to provision APIs into the API store. The creator uses the API Store to consult ratings and feedback provided by API users. Creator can add APIs to the store but cannot manage their lifecycle.Governance permission gives to a creator to govern, manage and configure the API artifacts.
  • publisher: A person in a managerial role and overlooks a set of APIs across the enterprise and controls the API lifecycle, subscriptions and monetization aspects. The publisher is also interested in usage patterns for APIs and has access to all API statistics.
  • subscriber: A user or an application developer who searches the  API store to discover APIs and use them. S/he reads the documentation and forums, rates/comments on the APIs, subscribes to APIs, obtains access tokens and invokes the APIs.

Follow the instructions below to create the creator, publisher and subscriber roles in the API Manager for example.

Creator, Publisher and Subscriber roles are available by default in API Manager.

Create user roles

  1. Log in to the management console (https://<APIM_Host>:<APIM_Port>/admin) as admin (default credentials are admin/admin).

  2. In the Main menu, click Add under Users and Roles.   

  3. Click Add New Role.

  4. Enter the name of the user role (e.g., creator) and click Next.

    Tip: The Domain drop-down list contains all user stores configured in the system. By default, you only have the PRIMARY user store. To configure secondary user stores, see /wiki/spaces/RUTH100/pages/40599585.

  5. The permissions page opens. Select the permissions according to the role that you create. The table below lists the permissions of the creator, publisher and subscriber roles which are available by default:

    RolesPermissionsUI
    creator
    • Configure > Governance and all underlying permissions.
    • Login
    • Manage > API > Create 
    • Manage > Resources > Govern and all underlying permissions 
    publisher
    • Login
    • Manage > API > Publish

    subscriber

    • Login
    • Manage > API > Subscribe

  6. Click Finish once you are done adding permissions.

When a user creates an application and subscribes to an API, a role is created automatically as shown below.

"Application/<username>_<applicationName>_PRODUCTION"

These roles are not assigned any permissions when created. The application is visible only to users of that particular role. For other users to be able to view the application, a user with admin privileges has to assign the role to the users.




  • No labels
Unknown macro: {next_previous_links2}