Team support

What is a Team in webMethods API Gateway?

A team can be defined as a group of users with a set of defined responsibilities. The assets that are supported by this feature are APIs, applications, packages and plans.

This table lists the important points on webMethods API Gateway behavior with and without the Team support feature:

Users can manage assets based on the functional privileges that are assigned to the teams they belong to. For details on asset visibility and accessibility, see Team support considerations .

When to use Team support?

Team support can be used to group the users of a business unit or users with similar roles in your organization. Using this feature, you can assign assets for each team and specify the access level of team members based on the team members' project requirements.

This feature is helpful for organizations that have multiple business units, who work on different projects. Users can access only the assets that are assigned to them. For example, consider an organization with different teams such as Development, Configuration Management, Product Analytics, and Quality Assurance. Each of these teams needs access to different assets at different levels. That is, developers might require APIs to develop applications and they require the necessary privileges to manage APIs and applications. Similarly, analysts might want the necessary privileges to view performance dashboards of assets. In such scenarios, you can group users based on their roles as a team and assign them the necessary privileges based on their responsibility.

Before the 10.5 version, users were given the necessary privileges by using Access Profiles. Starting version 10.5, you can limit the access of your asset to the necessary team members and assign access privileges by using the Team support feature.

When not to use Team support?

You do not use the Team support feature when you require -

• Tenant isolation - If your requirement is to allow the access of assets by tenants, then you must have multiple tenants and isolate them from each other. The Team support feature does not address this requirement.
• Full access management- Users gain access based on their team privileges. Users have no role-based access to an asset.

Teams management in webMethods API Gateway

You can create teams from the User Management section of the webMethods API Gateway UI by including the necessary user groups and assigning them the necessary functional privileges. You can also assign a team administrator for each team, who can add or modify team members.

Users with the Manage user administration privilege can create teams. When you create a team, you can assign -

• Team administrator. You can assign a user or a user group as a team administrator. Team administrators can add or remove users from a team. When you assign a user group as a team administrator, all users of the groups can modify team members. When team administrators, who do not have the Manage user administration functional privilege log on to webMethods API Gateway, they can view the teams that are assigned to them in the Teams tab of the Administration page.
• Functional privileges for the team members. The functional privileges assigned to a team determine the accessibility of assets to the respective team members. For example, if you assign all privileges under the APIs, Policies and applications sections, then the team members can manage APIs and applications that are assigned to their teams and perform operations that are related to policies.
• Team members. You can assign users and user groups to the team. Team members can access the assets that are assigned to their teams and perform operations on the assets based on the functional privileges that are assigned to the team.

Teams - Asset association

After you create teams, you can assign assets to teams in one of the following ways:

• Assign team during asset creation - When you create an asset, webMethods API Gateway provides an option to select the teams for the asset. You can select more than one team for an asset. You can modify the teams that are assigned by following the change ownership process. For information about the process, see Modifying teams assigned to an API and Changing the ownership of multiple teams
• Using Global Team Assignment rule - This rule is a preferred method to assign teams when you already have assets to which you want to assign teams. You can create global assignment rules that are applied to assets and assign teams to them. You can specify one or more conditions in a rule. When an asset satisfies the conditions that are specified in a rule, the asset is assigned to the teams specified in the rule. When you create and activate a rule, the rule is applied to the existing assets and teams are assigned.

If you already have assets in your webMethods API Gateway instance and when you enable the Teams support feature, all assets are assigned to the Default team. Every user is automatically assigned to this team. That means, by default, every asset (APIs, applications, packages and plans) are still visible to all users. Access rights are restricted if the asset is explicitly assigned to one or more teams during its creation.

Manually remove the Default team from the respective asset details page.

Read the Teams support considerations section to see the impact of Team support on other features. For more information, see Team support considerations.