API Connect user roles
The IBM® API Connect solution provides an infrastructure, tools, and facilities that allows users to create, manage, and stage APIs. The ability to perform tasks in the API Connect user interfaces is controlled through user roles, and the permissions that are assigned to those roles.
The roles described here are the default API Connect roles. In the API Manager user interface, you can create custom roles; for more information, see: Creating custom roles. You can also create custom roles in the Developer Portal user interface.
User roles and permissions in the API Manager UI
The following tables describe the API Manager UI user permissions.
Permissions | Action | Permits the member to |
---|---|---|
Member | View | View organization's members |
Manage | Manage organization's members | |
Settings | View | View an organization's configuration settings, including roles, TLS profiles, and user
registries. View configuration settings for a Catalog or Space, including policies and OpenAPI extensions. |
Manage | Manage an organization's configuration settings, including roles, TLS profiles, and user
registries. Manage configuration settings for a Catalog or Space, including policies and OpenAPI extensions. |
|
Topology | View | Same permissions as Settings: View . |
Manage | Same permissions as Settings: Manage . |
|
Org | View | View an organization |
Product-Drafts | View | View draft APIs and Products |
Edit | View draft APIs and edit draft Products | |
Api-Drafts | View | View draft APIs |
Edit | Edit draft APIs and view draft Products | |
Product | View | View Products |
Stage | Stage Product | |
Manage | Manage Product | |
Product-Approval | View | View Product lifecycle changes |
Stage | Approve the staging of a Product | |
Publish | Approve the publishing of a Product | |
Supersede | Approve the superseding of a Product | |
Replace | Approve the replacement a Product | |
Deprecate | Approve the deprecation of a Product | |
Retire | Approve the retiring of a Product | |
Consumer-Org | View | View consumer organization and developers |
Manage | Manage consumer organization and developers | |
App | View | View both production and development applications. |
Manage | Manage both production and development applications. A member with this permission can also request the promotion of a development app to a production app. This request triggers a task that needs approval by a member with the App-approval Manage permission. | |
App-Dev | Manage | Same permissions as Settings: Manage . |
App-Approval | View | View application approvals, for requests to promote a development app to a production app. |
Manage | Manage (Approve or Decline) requests for approval to promote a development app to a production app. | |
Subscription | View | View application Plan subscriptions that have been created by application developers in the Developer Portal. |
Manage | Manage the application Plan subscriptions that have been created by application developers in the Developer Portal. The Manage permission includes ability to migrate a subscription to another plan. | |
Subscription-Approval | View | View application Plan subscription approvals. |
Manage | Manage (approve or decline) application Plan subscriptions. | |
Consumer-Onboard-Approval | View | View consumer onboard approvals. |
Manage | Manage (approve or decline) consumer onboard approvals. | |
Api-Analytics | View | View analytics data, as well as access and apply saved analytics queries. |
Manage | In addition to the view permissions, the user can create, update, duplicate, delete, share, and unshare saved analytics queries. | |
Child | View | At the provider organization level, view Catalogs in the provider organization. At the Catalog level, view Spaces in the Catalog. |
Create | At the provider organization level, create Catalogs in the provider organization. At the Catalog level, create Spaces in the Catalog. | |
Manage | At the provider organization level, manage Catalogs in the provider organization. At the catalog level, manage Spaces in the Catalog. Management tasks including deleting a Catalog or Space, or transferring ownership of a Catalog or Space. |
Role | Role description | Permissions | Actions |
---|---|---|---|
Organization Owner | A provider organization owner has the full set of access permissions to API Connect functions, and also commission APIs and tracks their business adoption. | All permissions | All actions. |
Administrator | A provider organization administrator has, by default, the full set of access permissions to API Connect functions, and also commission APIs and tracks their business adoption. | All permissions | All actions. |
API Administrator | API administrators manage the lifecycle of APIs and publish APIs for discovery and use. | All permissions | All actions except cannot manage the following permissions: Member, Settings, Topology, and Child. |
Community Manager | A community manager manages the relationship between the provider organization and application developers, provides information about API usage, and provides support to application developers. | Member | View |
Settings | View | ||
Topology | View gateway services or portal services at the provider organization. | ||
Org | View | ||
Drafts | View, Edit | ||
Product | View | ||
Product-approval | View | ||
Consumer-org | View, Manage | ||
App | View, Manage | ||
App-dev | Manage | ||
App-approval | View, Manage | ||
Subscription | View, Manage | ||
Subscription-approval | View, Manage | ||
Consumer-onboard-approval | View, Manage | ||
Api-analytics | View, Manage | ||
Child | View | ||
Developer | API developers design and develop APIs and applications for the provider organizations to
which they belong. Note: The Developer role allows the creation of Products and APIs, and the staging and publishing of
Products to a Catalog or Space, when assigned to a user at the provider organization level--but not
when assigned to a user who is a member only of a Catalog or Space within a provider organization. A
Developer in a Catalog or Space can manage Products that are staged or published to the Catalog or
Space.
|
Member | View |
Settings | View | ||
Topology | View gateway services or portal services at the provider organization. | ||
Org | View | ||
Drafts | View, Edit | ||
Product | View, Stage, Manage | ||
Product-approval | View, Stage, Publish, Supersede, Replace, Deprecate, Retire | ||
Consumer-org | View | ||
App | View, Manage | ||
App-dev | Manage | ||
App-approval | View, Manage | ||
Subscription | View, Manage | ||
Subscription-approval | View, Manage | ||
Api-analytics | View, Manage | ||
Child | View, Create | ||
Member | Member of a provider organization | Org | View |
Viewer | Viewer of a provider organization | Member | View |
Topology | View gateway services or portal services at the provider organization. | ||
Org | View | ||
Drafts | View | ||
Product-approval | View | ||
Consumer-org | View | ||
App | View | ||
App-approval | View | ||
Subscription | View | ||
Subscription-approval | View | ||
Api-analytics | View | ||
Child | View |
User roles in the Developer Portal UI
Role | Role Description | Permission | Actions |
---|---|---|---|
Owner | Owns and administers the app developer organization | Organization member | View, Manage |
Organization settings | View, Manage | ||
Organization view | View | ||
Consumer product | View | ||
Consumer app | View or Manage production or development applications | ||
Consumer app-dev | Manage development applications | ||
Consumer subscription | View or Manage the application Plan subscriptions that have been created by application developers in the Developer Portal. The Manage permission includes ability to migrate a subscription to another plan. | ||
Consumer app-analytics | View application analytics | ||
Administrator | Administers the app developer organization | Organization member | View, Manage |
Organization settings | View, Manage | ||
Organization | View | ||
Consumer product | View | ||
Consumer app | View, Manage production or development applications | ||
Consumer app-dev | Manage development applications | ||
Consumer subscription | View or Manage the application Plan subscriptions that have been created by application developers in the Developer Portal. The Manage permission includes ability to migrate a subscription to another plan. | ||
Consumer app-analytics | View application analytics | ||
Developer | Builds and manages apps in the developer organization | Organization member | View |
Organization settings | View | ||
Organization | View | ||
Consumer product | View | ||
Consumer app | View, Manage production or development applications | ||
Consumer app-dev | Manage development applications | ||
Consumer subscription | View or Manage the application Plan subscriptions that have been created by application developers in the Developer Portal. The Manage permission includes ability to migrate a subscription to another plan. | ||
Consumer app-analytics | View | ||
Member | Member of the app developer organization | Organization | View |
Viewer | Viewer of the app developer organization | Organization member | View |
Organization settings | View | ||
Organization | View | ||
Consumer product | View | ||
Consumer app | View applications | ||
Consumer production-app | View production applications | ||
Consumer app-analytics | View application analytics |