Permission management for multiple providers in API Portal

Can I give users permission to manage only certain APIs in API Portal?

What product/components do you use and which version/fix level?

API-Portal 10.7

What are trying to achieve? Please describe in detail.

What I already know: API Portal has the user role “API Provider”, which can be assigned to users allowing them to create and manage APIs. Additionally, there is the concept of “providers”, which are linked to specific APIs for configuring token request notifications for these APIs.
What I wonder about: However, I don’t see how to link these similarly named aspects while I imagine that such a link could be used for scoped API management permissions: Is it possible to limit the management permissions of a user (with API Provider role) to a specific provider’s APIs such that the user can only create and manage APIs under that provider and not under other providers?

Scenario / use case: Consider the following scenario for the question: Let’s say, company A and company B want to use the same API Portal (the API Portal is some kind of API market place). Employee A.1 of company A and employee B.1 of company B shall manage the APIs of the respective company in the API Portal. But they should not be allowed to manage APIs of the other company. Is this possible with the permission management of API Portal? How should I do this? As of now, I only know how to grant the API Provider role (via UMC) to a user, but this allows the user to manage any API.

1 Like

Hi @Christian_Winter1 ,

We have feature named Communities in API Portal( Please refer the link for more details - Communities (softwareag.com))

You can create different communities and assign users to the community. So only the users who are part of this community can manage the API in API portal

Regards

Hi @Sahana_Manne_Siddagangaiah ,
thank you for the hint. Now I’ve learned what these communities are! While experimenting with community configurations, I had the feeling that I’m on the right track. However, finally I noticed, that API Providers can manage any API irrespective of their assignment to communities and irrespective of the assignment of APIs to communities. Thus communities only regulate the exposure of APIs to regular users, but unfortunately, communities do not limit the management permissions of API Providers. However, the latter aspect is what I’d like to control.
Best regards,
Christian

Does anybody have an idea how to prevent that API Providers can manage any API, i. e. even APIs beyond their own communities (see my previous post)?
Or does anybody have a different approach to solve the initial problem?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.