Roles and permissions for App Connect Designer on Red Hat® OpenShift®
Identity and access management (IAM) is used to secure access to your App Connect Designer instances. The App Connect Designer roles determine what tasks or actions a user can perform on the Designer instance.
Roles and permissions for App Connect Designer 12.0.10.0-r2 or later (in IBM App Connect Operator 11.0.0 or later)
In IBM® App Connect Operator 11.0.0 or later, IAM is implemented by using Keycloak to validate user identities and grant access. For information about configuring IAM, creating users, and assigning roles, see Implementing identity and access management for App Connect Designer and App Connect Dashboard instances.
The following role can be assigned to a Designer instance:
designerauthoring-admin.
Designer resources and their roles
The designerauthoring-admin role assigns full access and is required for any
action.
Roles and permissions for App Connect Designer 12.0.10.0-r1 or earlier (in IBM App Connect Operator 10.1.1 or earlier)
In IBM App Connect Operator 10.1.1 or earlier, you can control access to your App Connect Designer instances by using the IAM service that IBM Cloud Pak foundational services 3.19.x or later 3.x.x provides.
Authority to use an App Connect Designer instance is determined by the user's authority for the namespace that contains the instance. The relation between user authority and namespace is as follows:
- The App Connect Designer instance is created in a namespace.
- The namespace is a resource to which an IAM team can be granted access.
- The IAM team consists of users and each user has an assigned role.
- Each user role has a specified authority.
| IAM service role | App Connect Designer permissions |
|---|---|
| CloudPakAdministrator, ClusterAdministrator, Administrator | Access to full Designer functionality |
| Operator | Access to full Designer functionality |
| Editor | No Designer access |
| Auditor | No Designer access |
| Viewer | No Designer access |