A role within the Anypoint Platform is a set of pre-defined permissions for each different product within the Platform.
Depending on the product, you can find pre-defined roles with their standard permissions, or you can customize your own permissions for each role.
The Access Management section grants you a space in which you can create Roles for the products to which you own the appropriate entitlements.
2. Assumptions
This presentation assumes that you have an Organization
Administrator role in your organization, or that you have API Version
Owner permissions and want to manage user permissions for your
API version.
3. Overview
A role within the Anypoint Platform is a set of pre-defined
permissions for each different product within the Platform.
Depending on the product, you can find pre-defined roles with their
standard permissions, or you can customize your own permissions for
each role.
The Access Management section grants you a space in which you can
create Roles for the products to which you own the appropriate
entitlements.
4. Default Roles
These are the default roles available in every new organization
and business group when first created:
Role Name Description
API Creators Create and manage API versions in the Anypoint Platform for APIs.
Members of the API Creator role have the ability to add new APIs to
the platform on the API administration page.
This role grants no permissions on CloudHub.
Portals Viewer Portal Viewers can see a list of the Private API Portals to which
they have Portal Viewer permissions from the Developer Portal.
They can also click to view those API Portals.
Note that the ability to view an API Portal does not automatically
give a user access to the API. Also note that you cannot grant
Portal Viewer permissions unless the API has an API Portal.
5. Role Name Description
API Version Owner API Version Owners can view specific versions of the API that they own.
They inherit Portal Viewer permissions by default for any API Portals that you
create for the API versions they own.
Audit Log Viewers Users of this role have access to the UI for the Audit Log under Access
Management.
Cloudhub Admin Access to all CloudHub functionality.
Cloudhub Developer Access to all CloudHub functionality, except organization and billing settings.
Cloudhub Support Read-only access to dashboards, notifications, alerts, logs, and their user settings.
Organization Administrators Editing access to all versions of all APIs, all registered applications, and all API
Portals in the Anypoint Platform. Access to the Organization Administration page,
where they can add and manage users and roles, view and edit organization
details, access the client ID and client secret for the organization, and customize
the theme of the Developer Portal.
Members of the Organization Administrator role also inherit the role of API
Creator by default.
Exchange Administrators Approves Exchange artifacts that the contributor creates so that the artifact can be
published in Exchange
Exchange Contributors Contributes Exchange artifacts.
Exchange Viewers Views Exchange artifacts
6. * * * IMPORTANT
If you click on a role, you can edit it, change its name or description
and add or remove users to it.
The user who first signs up for the Anypoint Platform organization is
known as theOrganization Owner. This is not a role but an identifier for
this single user, who inherits the Organization Administrator role by
default.
When the Organization Owner creates a business-group, it must assign
a user as the owner of it. This user holds an Administrator role within
that business group by default.
7. Managing Roles
To access
the Roles menu, first
make sure you’re in the
correct business group
(by clicking the menu
next to your username
on the top-right of the
screen), then click the
appropriate link in the
left menu.
8. Creating Custom Roles
As an organization administrator, you can create custom roles by
combining API resources, permissions, and users.
Click the Roles tab in the left navigation of your Organization Administration
page.
Click Add role.
Enter a Name and Description for your custom role.
Your custom role now appears in your list of roles. Click the name of your new
role to assign permissions to it.
9. Assigning Permissions to Roles
By clicking a role name, you can access more information about that role,
change its name and description, add permissions to it, or assign this role
to specific users.
Depending on the product to which the role is associated, these options
may vary. For example, API roles cannot be removed and their permissions
cannto be modified, however you can add a description and add users to
that role.
Depending on the amount of products you own in the Anypoint Platform,
the tabs displayed under the Permissions tab vary as well. Usually it’s one
tab per product enabled on your organization.
By default, all Anypoint Platform accounts have API and Runtime
Manager permissions.
10. To add permissions to a role do the following:
Make sure you’re in the right business group
Pick the Permissions tab
Choose the product whose permissions you want to assign
If you want to assign API permissions
Start typing your API name in the Select the API resource by name field
Select the version of the API. You can also choose all to grant privileges to all versions of the API you selected
Select the API permission you wish to grant.
(API Permissions share the same name as API Roles and they grant the same privileges)
If you want to assign Product Permissions:
Type in the name of one of the environments existing in your organization (if these environments belong to a
business group, they are only be available when creating a role in that same business group)
Now you are able to select what permissions to grant within that environment. You can also pick Select All to
assign all permissions related to that environment to that role.
Click the + icon to the right to add those permissions to the role
11. * * * IMPORTANT
Note that product permissions are specific to a single environment, so if
you have multiple environments and want to give a role the same
permissions on all, you must add these permissions multiple times, one for
each environment.
12. Role Mapping
You can set up your Anypoint Platform organization so that when a SAML
user belongs to certain groups, Anypoint Platform automatically grants
certain equivalent roles in your Anypoint Platform organization.