Managing permissions
- 2. Assumptions • This page assumes that you have an Organization Administrator role in your organization, that you have been assigned as the administrator of one of the business groups of your Organization, or that you have API Version Owner permissions and that you want to manage user permissions for an API version, a business group or the entire organization.
- 3. How Permissions Work in the Anypoint Platform • In the Anypoint Platform, users belong to an organization and have a set of roles and permissions. • Each role contains a list of permissions that define what a user that holds that role can do with the specific resources it scopes. Certain Roles come with a set of default permissions. As an Organization Administrator, you can create your customized roles and assign the permissions you see fit, or, depending on the product, you can add permissions directly to a specific user, without the need for roles.
- 4. Understanding Permissions • Depending on the amount of products you have in the Anypoint Platform, you’ll see a set of default types of permissions in every new organization and business group when first created. There is, however, one distinction to make between the permission types: • Product Permissions • Default permissions for each Anypoint Platform product (Runtime Manager, Data Gateway, etc). They are environment specific – they grant you the ability to do something within a particular environment, but not to the entire organization • API Permissions • Default Permissions for each API managed from the Anypoint Platform. They can be API version specific or they can be extended to all API versions - you can manage user access based on a particular API version, but you cannot extend those permissions to the entire organization. • You can assign user permissions to edit or view individual API versions or API portals using the following pre-defined roles: API Version Owner and Portal Viewers.
- 5. • Since API versions and Products deployment environments are grouped under organizations (and optionally under business groups too), to access them you need to have an account that owns the necessary permissions and that belongs to its corresponding organization or business group (if such resource exists). • Roles that are assigned at the master organization level can only reference resources that are at the master organization level, roles that belong to a business group can only reference resources within that business group.