Creating User Roles
Roles contain permissions for users to manage the Server. You can create different roles with various combinations of permissions and assign them to a user or a group of users.
Follow the instructions below to create the "creator", "publisher" and "subscriber" roles using the API Manager's Management Console.
1. Log on to the Management Console and select "Users and Roles" under the "Configure" menu. For instructions on accessing the Management Console, refer to section Introducing the Management Console.
2. In the "User Management" window which appears, click "Roles."
3. In the "Roles" window, click on the "Add New Role" link.
Adding the 'creator' Role
4. Add the user role as "creator" and click "Next."
5. The "creator" role should be given the following privileges, which should be selected from the list of permissions that appears.
- Configure > Governance and all underlying permissions.
- Login
- Manage > API > Create
- Manage > Resources > Govern and all underlying permissions.
Any user assigned the above permissions is able to create, update and manage APIs using the API Publisher Web interface.
6. Click "Finish" once you are done adding permissions. The role is then listed in the "Roles" window.
From here, you can rename, edit, delete or assign users to the role.
Adding the 'publisher' Role
4. In the "Add Role" window, add the user role as "publisher" and click "Next."
5. The "publisher" role should be given the following privileges, which should be selected from the list of permissions that appears.
- Login
- Manage > API > Publish
Any user assigned the above permissions is able to manage the API's life cycle using the API Publisher Web interface.
6. Click "Finish" once you are done adding permissions. The role is then listed in the "Roles" window.
From here, you can rename, edit, delete or assign users to the role.
The Default 'globalAPIPublisher' Role
The "globalAPIPublisher" role is defined out of the box when you log into the API Manager Web console. This role provides both API creation and publication permissions. Hence, once a user is assigned to this role, that user can perform both API creation and publishing tasks.
The Default 'subscriber' Role
When you first log in to the Management Console, you can see the "subscriber" role already there, defined out of the box. This is because the subscriber role is assigned to all users who self-register to the API Store.
Follow the instructions below, if you wish to create a different role with the same permission levels as the default subscriber role.
4. In the "Add Role" window, add a suitable name for the role and click "Next." For example,
5. The new role should be given the following privileges, which should be selected from the list of permissions that appears.
- Login
- Manage > API > Subscribe
Any user assigned the above permissions is able to log in to the API Store and perform operations on the published APIs.
6. Click "Finish" once you are done adding permissions. The role is then listed in the "Roles" window.
7. Open the api-manager.xml file at location <PRODUCT_HOME>/repository/conf and edit the <SelfSignUp> node to reflect the newly added role. For example,
<SelfSignUp>
    <Enabled>true</Enabled>
    <SubscriberRoleName>NewSubscriber</SubscriberRoleName>
    <CreateSubscriberRole>true</CreateSubscriberRole>
</SelfSignUp>
Info
The <CreateSubscriberRole> parameter specifies whether the subscriber role should be created in the local user store or not. It is only used when the API subscribers are authenticated against the local user store. That means the local Carbon server is acting as the AuthManager.
If a remote Carbon server is acting as the AuthManager, this parameter should be set to "false."
Once the file is edited, users created via the self-sign up mechanism in the API Store are automatically assigned the "NewSubscriber" role created above.
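Because every self-registered user automatically receives the role named in <SubscriberRoleName>, it is worth checking that node before deploying the file. The script below is an added example, not part of the product or its documentation: the function name, the remote_auth_manager flag and the <Config> wrapper around the sample are assumptions made for illustration, and the list of privileged roles is taken from the roles described on this page.

```python
import xml.etree.ElementTree as ET

# Roles this page describes as carrying API create/publish permissions.
PRIVILEGED_ROLES = {"creator", "publisher", "globalapipublisher"}

# Constructed sample: the page's <SelfSignUp> example inside a made-up root.
PAGE_EXAMPLE = """<Config>
  <SelfSignUp>
    <Enabled>true</Enabled>
    <SubscriberRoleName>NewSubscriber</SubscriberRoleName>
    <CreateSubscriberRole>true</CreateSubscriberRole>
  </SelfSignUp>
</Config>"""


def audit_self_signup(xml_text, remote_auth_manager=False):
    """Return a list of findings for the <SelfSignUp> node (empty = OK)."""
    root = ET.fromstring(xml_text)
    node = next(root.iter("SelfSignUp"), None)
    if node is None:
        return ["no <SelfSignUp> node found"]

    def value(tag):
        return (node.findtext(tag) or "").strip()

    if value("Enabled").lower() != "true":
        return []  # self sign-up disabled, nothing is auto-assigned

    findings = []
    role = value("SubscriberRoleName")
    if not role:
        findings.append("self sign-up enabled but SubscriberRoleName is empty")
    elif role.lower() in PRIVILEGED_ROLES:
        findings.append(
            f"self-registered users would receive privileged role '{role}'")
    # Per the Info note: must be "false" when a remote Carbon server
    # acts as the AuthManager.
    if remote_auth_manager and value("CreateSubscriberRole").lower() == "true":
        findings.append(
            "CreateSubscriberRole is true but the AuthManager is remote")
    return findings


if __name__ == "__main__":
    for finding in audit_self_signup(PAGE_EXAMPLE, remote_auth_manager=True):
        print("FINDING:", finding)
```

The check only compares role names; it does not inspect which permissions a custom role actually holds, so a renamed role with create or publish permissions still needs review in the "Roles" window.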