Adding provider organization users and assigning roles
If you have the permissions that are required to edit users, you can add users to a provider organization, remove users, assign roles and perform other user administration tasks.
Procedure
To add users and assign user roles for your provider organization, complete the following steps:
-
If you have not previously pinned the UI navigation pane then
click the Navigate to icon .
The API Manager UI navigation pane opens. To pin the UI navigation pane, click the Pin menu icon .
- In the Navigation pane, click Admin, then click Users.
- In the Navigation pane, click Admin, then click Members.
-
Click Add. The Add User window is displayed.
For information on how to create and configure registries for API Manager users, see Specifying the cloud settings.
-
Specify a user and assign the user a role:
- Optional:
To authenticate API Manager users with a local registry, complete one of the following
steps:
-
- To add an existing user , click Existing User, then enter a search string and select the user from the Search Results scroll window.
- To add a new user, click New User, then enter the user's email into the text field.
-
- Optional:
To authenticate API Manager users with LDAP, enter a search string and select the user from the
Search Results scroll window.
Note: When you use a local registry or LDAP, if the search returns more than 100 results, refine your filter string.
- Optional: If the provider is an authentication URL, enter the email address of the intended invitee.
-
Assign the user a role by completing the following steps:
- Click the icon. The Assign Role window displays a list of available roles. Roles
that are shown are those available to the provider organization and any custom roles created. As new
roles are created, they are displayed in the Assign Role window.Note: If you assign a user more than one role, the user obtains permissions for both roles.
- In the Assign Role section, select the user role. The assigned role is
displayed if you navigate to the Roles column of the Users
window. The following roles are available and displayed:
- Administrator
- The Administrator can create and edit APIs, operations, Products, developer organizations, users, identity providers, and Catalogs.
- Product Manager
- The Product Manager is responsible for commissioning APIs and tracking their business adoption. The Product Manager can perform the same tasks as the developer as well as being able to create and edit Developer organizations.
- API Developer
- API Developers create and configure APIs, Products, and policies for provider organizations of which they are a member. An API Developer can be a member of one or more provider organizations. The API Developer focuses on the technical implementation of APIs more than they do on the business relationship with application developers.
- Publisher
- The Publisher manages the lifecycles of APIs and publishes Products to selected communities of application developer organizations.
- API Administrator
- The API Administrator manages the lifecycles of APIs and publishes Products to selected communities of application developer organizations.
- Custom
- You can create custom roles and specify the permissions and functionality. The role appears in the list only after you have created it. For more information on creating custom roles, see Creating custom roles.
Note: When a provider organization is created, the specified owner is automatically given the Owner role, and is granted all permissions. The Owner role for a provider organization cannot be assigned to another user.For full details of the permissions that are assigned to the various API Manager roles, see API Connect user roles.
- Click the icon. The Assign Role window displays a list of available roles. Roles
that are shown are those available to the provider organization and any custom roles created. As new
roles are created, they are displayed in the Assign Role window.
- Optional:
To authenticate API Manager users with a local registry, complete one of the following
steps:
-
Click Add.
The user's name is added to the Name column and the email invitation is sent. Invitation Pending is displayed in the Status column of the Users window.Important: When a user is invited to join a provider organization that is secured by using LDAP, the user name that is created is case-sensitive regardless of whether the LDAP registry is configured to be case sensitive. Therefore, if a user is sent an invitation that includes a user name of USERA@mail.com, this user must sign in to the API Manager user interface with USERA@mail.com (and not usera@mail.com). If the user enters the Username incorrectly due to using the wrong case, the user cannot sign in and an error is displayed.