Setting Permissions in API Manager

In this article

Overview

Permissions grant access to assets in the APIM space. You can set permissions at the three levels of the asset hierarchy in the API Manager console: the /apim space, APIs, and Versions. The Permissions tab for all three levels lists the username or group permission is assigned to, the access type of the permission, and if it applies to all APIs and Versions.

As an Org admin, you can set permissions for users at the /apim space level in addition to the APIs and versions for users and groups. When you create an API, you can set permissions at the API and version levels. The owner of the API is automatically added as a user.

Access Types

The API Manager console has the following permission types:

  • Owner/Full Access: Automatically assigned to the creator of an API asset or version. Accordingly, you cannot select this option.
  • Read and Execute: Select to give access to view API assets and call API endpoints.
  • Read Only: Select to give access to view API assets.
  • Read and Write: Select to give read and write access to API assets.
  • Full Access: Select to give permissions to view, create, modify, and call API calls.

For details, see API Management User Permissions.

Adding Permissions in the APIM Space

  1. In Manager, click API Management > API Manager on the left pane, and then click  to view the Add Permission dialog.



  2.  In the Add Permission dialog, configure the following settings and then click Add.
    1. Username or group: Choose the user or group.
    2. Access: Choose the permission type.
    3. Apply access to APIs and versions: Select the checkbox to give permissions at all three levels - the /apim space, APIs, and Versions.



  3. Verify that the correct permissions are set for the target user in the API > Permissions tab.

Add Permissions to APIs

  1. Navigate to API Management > API Manager, then select the target API.

  2. Click the Permissions tab.



  3. Click  to view the Add Permissions dialog window, then select the following options:
    1. Username or group: Choose the user or group.
    2. Access: Choose the Permission type.
    3. Apply access to all APIs and versions: Select the checkbox to give permissions to an API and its versions.



  4. Verify that the correct permissions are set for the target user in the Permissions tab for that API.

Add Permissions to Versions

  1. Navigate to API Management > API Manager, and select the target version of the API.

  2. Click the Permissions tab.



  3. Click  to view the Add Permissions dialog window, then make the following selections:
    • Username or group: Choose the user or group
    • Access: Choose the permission type.
    • Apply access to all APIs and versions: Select the checkbox to give permission to all versions of an API.



  4. Verify that the correct permissions are set for the target user in the Permissions tab for that API version.

Deleting a Permission

As an Org admin, you can delete a permission at any level API Manager hierarchy.

API developers can only set permissions to APIs or versions they own.

To delete a permission:

  1. Navigate to the target permission.

  2. Click  to delete the permission from a version, API, or the API Manager console.
    The following image shows the delete icon at the version level.

API Management User Permissions

In the API Management feature, permissions are based on the same model as other assets in the IIP. Only the Org adminOwner ,and User with Full Access can edit the permissions. Refer to Managing Your Developer Portal Settings for more information.

Users and Groups created in ManagerPermissions can apply to both users and groups:

  • Username: The email of the user
  • Group: <Group_Name>(Group)

The following table provides a matrix for access at the different levels of the APIM hierarchy:

User TypeAPI DetailsVersionPermissions
Org AdminEditEditEdit
User with Read accessRead OnlyRead OnlyRead Only
User with Read and ExecuteRead OnlyRead OnlyRead Only
User with Read and WriteEditEditRead Only
User with Full AccessEditEditEdit*
Owner/Full AccessEditEditEdit

A user has Edit* permission when the Allow users with Full-Access permissions to publish checkbox is enabled by the Org admin.