Adding provider organization users and assigning roles

If you have the permissions that are required to edit users, you can add users to a provider organization, remove users, assign roles and perform other user administration tasks.

Procedure

To add users and assign user roles for your provider organization, complete the following steps:

  1. If you have not previously pinned the UI navigation pane then click the Navigate to icon The Navigate to icon.
    The API Manager UI navigation pane opens. To pin the UI navigation pane, click the Pin menu icon The Pin menu icon..
  2. [V5.0.4 and earlier] In the Navigation pane, click Admin, then click Users.
  3. [V5.0.5 or later] In the Navigation pane, click Admin, then click Members.
  4. Click Add. The Add User window is displayed.
    For information on how to create and configure registries for API Manager users, see Specifying the cloud settings.
  5. Specify a user and assign the user a role:
    1. Optional: To authenticate API Manager users with a local registry, complete one of the following steps:
        • To add an existing user , click Existing User, then enter a search string and select the user from the Search Results scroll window.
        • To add a new user, click New User, then enter the user's email into the text field.
    2. Optional: To authenticate API Manager users with LDAP, enter a search string and select the user from the Search Results scroll window.
      Note: When you use a local registry or LDAP, if the search returns more than 100 results, refine your filter string.
    3. Optional: If the provider is an authentication URL, enter the email address of the intended invitee.
    4. Assign the user a role by completing the following steps:
      1. [V5.0.3 and earlier]Click the The add icon icon. The Assign Role window displays a list of available roles. Roles that are shown are those available to the provider organization and any custom roles created. As new roles are created, they are displayed in the Assign Role window.
        Note: If you assign a user more than one role, the user obtains permissions for both roles.
      2. In the Assign Role section, select the user role. The assigned role is displayed if you navigate to the Roles column of the Users window. The following roles are available and displayed:
        Administrator
        The Administrator can create and edit APIs, operations, Products, developer organizations, users, identity providers, and Catalogs.
        Product Manager
        The Product Manager is responsible for commissioning APIs and tracking their business adoption. The Product Manager can perform the same tasks as the developer as well as being able to create and edit Developer organizations.
        API Developer
        API Developers create and configure APIs, Products, and policies for provider organizations of which they are a member. An API Developer can be a member of one or more provider organizations. The API Developer focuses on the technical implementation of APIs more than they do on the business relationship with application developers.
        [V5.0.4 and earlier]Publisher
        [V5.0.4 and earlier]The Publisher manages the lifecycles of APIs and publishes Products to selected communities of application developer organizations.
        [V5.0.5 or later]API Administrator
        [V5.0.5 or later]The API Administrator manages the lifecycles of APIs and publishes Products to selected communities of application developer organizations.
        Custom
        You can create custom roles and specify the permissions and functionality. The role appears in the list only after you have created it. For more information on creating custom roles, see Creating custom roles.
        Note: When a provider organization is created, the specified owner is automatically given the Owner role, and is granted all permissions. The Owner role for a provider organization cannot be assigned to another user.

        For full details of the permissions that are assigned to the various API Manager roles, see API Connect user roles.

  1. Click Add.
    The user's name is added to the Name column and the email invitation is sent. Invitation Pending is displayed in the Status column of the Users window.
    Important: When a user is invited to join a provider organization that is secured by using LDAP, the user name that is created is case-sensitive regardless of whether the LDAP registry is configured to be case sensitive. Therefore, if a user is sent an invitation that includes a user name of USERA@mail.com, this user must sign in to the API Manager user interface with USERA@mail.com (and not usera@mail.com). If the user enters the Username incorrectly due to using the wrong case, the user cannot sign in and an error is displayed.

Results

The API Connect user account is created and is activated when the invitee opens the email and clicks the activation link.

What to do next

The new user can access the API Manager user interface. The user's authorization within API Manager is defined by the roles that are assigned to them.