Unknown macro: {next_previous_links}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Roles contain permissions for users to manage the Server. You can create different roles with various combinations of permissions and assign them to a user or a group of users.

Follow the instructions below to create the "creator", "publisher" and "subscriber" roles using the API Manager's Management Console.

1. Log on to the Management Console and select "Users and Roles" under the "Configure" menu . For instructions on accessing the Management Console, refer to section Introducing the Management Console.

2. In the "User Management" window which appears, click "Roles."  

3. In the "Roles" window, click on the "Add New Role" link.

 

Adding the 'creator' Role

4. Add user roles as "creator" and click "Next."  

5. The "creator" role should be given the following privileges, which should be selected from the list of permissions that appears.

  • Configure > Governance and all underlying permissions.
  • Login
  • Manage > API > Create
  • Manage > Resources > Govern and all underlying permissions.

 

Any user with the above permissions assigned, is able to create, update and manage APIs using the API Publisher Web interface.

6. Click "Finish" once you are done adding permission. The role will be listed in the "Roles" window as follows:

From here, you can rename, edit, delete or assign users to the role.

Adding the 'publisher' Role

4. In the "Add Role" window, add user role as "publisher" and click "Next."  


5. The "publisher" role should be given the following privileges, which should be selected from the list of permissions that appears.

  • Login
  • Manage > API > Publish

 

Any user with the above permissions assigned, is able to manage the API's life cycle using the API Publisher Web interface.

6. Click "Finish" once you are done adding permission. The role will be listed in the "Roles" window as follows:


From here, you can rename, edit, delete or assign users to the role.

The Default 'globalAPIPublisher' Role

Note the "globalAPIPublisher" role already defined out-of-the-box when you log-in to the API Manager Web console. This role enables an API publisher to view APIs that are private to other API publishers.

For example, say a user by the name 'testuser' is assigned the 'publisher' role created in the previous section. testuser can view private APIs of other publishers only if those APIs are shared with the 'publisher' role. This is set by editing the visibility field of an API by an API developer. However, if testuser is assigned the "globalAPIPublisher" role in addition to the 'publisher' role, he/she can view and publish APIs that are private to other API publishers irrespective of what roles the 'visibility' of those APIs are set for by developers. Through the "globalAPIPublisher" role, all API publishers can access and manage a shared pool of APIs.

The Default 'subscriber' Role  

When you first log in to the Management Console, you can see the "subscriber" role already there, defined out of the box. The reason is because the subscriber role is assigned to all users who self-register to the API Store. 

Follow the instructions below, if you wish to create a different role with the same permission levels as the default subscriber role.

4. In the "Add Role" window, add a suitable name for the role and click "Next." For example,


5. The "publisher" role should be given the following privileges, which should be selected from the list of permissions that appears.

  • Login
  • Manage > API > Subscribe

Any user with the above permissions assigned, is able to log in to the API Store and perform operations on the published APIs.

6. Click "Finish" once you are done adding permission. The role will be listed in the "Roles" window as follows:

7. Open the api-manager.xml file at location <PRODUCT_HOME>/repository/conf and edit accordingly the <SelfSignUp> node to reflect the newly added role. For example,

<SelfSignUp>
     <Enabled>true</Enabled>
     <SubscriberRoleName>NewSubscriber</SubscriberRoleName>
     <CreateSubscriberRole>true</CreateSubscriberRole>
</SelfSignUp>

Info

The <CreateSubscriberRole> parameter specifies whether the subscriber role should be created in the local user store or not. It is only used when the API subscribers are authenticated against the local user store. That means the local Carbon server is acting as the AuthManager.

If a remote Carbon server is acting as the AuthManager, this parameter should be set to "false."

Once the file is edited, users created via the self-sign up mechanism in the API Store are automatically assigned the "NewSubscriber" role created above.

  • No labels