Creating custom roles

If you have permission to edit roles in IBM® API Connect, you can create custom roles, and assign permissions, in a provider organization. You can create as many custom roles as you want.

About this task

You create custom roles at the provider organization level; those roles are inherited by the Catalogs and Spaces in the provider organization. You can assign permissions at the provider organization, Catalog or Space level.

For a description of the permissions, and details of the default user roles and default permissions assigned to those roles, see API Connect user roles.

Note: In API Manager, the Organization Owner role has full access and cannot be edited or deleted. All other roles, including custom roles, can be deleted. If you delete a role, users lose that role. If a user loses that role, their account remains in API Manager, enabling you to add a role to the user at a future date.

Procedure

To create a custom role, complete the following steps:

  1. In the navigation pane of the API Manager user interface, click Settings icon Settings
  2. Click Roles, then click Add.
    The Create a Role page opens.
  3. Enter a role Title and an optional Summary. A Name is entered automatically.
    Note: The value in the Name field is a single string that is used to identify the role in developer toolkit CLI commands. The Title is used for display.

    To view the CLI commands to manage roles, see apic roles.

  4. Use the check boxes to assign permissions to the new role.
  5. When you are finished, click Save.
  6. To delete a role, click the options icon options icon alongside the role that you want to delete, click Delete, then click Delete again to confirm the role deletion.
    Note:
    • You can create and delete a role only at the provider organization level. You cannot create or delete a role at the Catalog level. Nor can you create or delete a role at the Space level.

      You can, however, assign Catalog-specific permissions to the role; for details, see Creating and configuring Catalogs. You can also assign Space-specific permissions; for details, see Managing user access in a Space; for more information on Spaces, see Using syndication in API Connect.

    • If you assign Product-Drafts or Api-Drafts permissions to the role, these permissions are not inherited by the role in a Catalog or Space. These permissions apply to working with draft Products and APIs in a provider organization and are not relevant in a Catalog or Space.

Results

The custom role is created and assigned the permissions that you selected.

What to do next

Assign the custom role to a user.