Creating custom roles
If you have permission to edit roles, you can create custom roles, and assign permissions, in a provider organization. You can create as many custom roles as you want.
About this task
The following tables provide a list of available permissions and what they represent. For a listing of the default API Manager roles and permissions, see Adding provider organization users and assigning roles.
![[V5.0.5 or later]](../buildfiles/icon_v505.jpg){kind=icon}
Permissions can be applied on an organizational or Catalog level.
![[V5.0.4 and earlier]](../buildfiles/icon_v504_earlier.jpg){kind=icon}
| Permissions | Actions | Permits the user to |
|---|---|---|
| Roles | View | View the Roles tab |
| Edit | Create, edit, and delete roles | |
| Users | View | View the users that are in an organization |
| Edit | Add and update users to, and delete users from, an organization | |
| TLS Profiles | View | View TLS profiles |
| Edit | Create, edit, and delete TLS profiles | |
| User Registries | View | View user registries |
| Edit | Create, edit, and delete user registries | |
| Draft APIs | View | View draft APIs |
| Edit | Create, update, and delete draft APIs | |
| Draft Products | View | View draft Products |
| Edit | Create, update, and delete draft Products | |
| Subscriptions | View | View Plan subscriptions |
| Approve | Approve Plan subscriptions | |
| Catalog Administration | View | View Catalogs |
| Edit | Create, update, and delete Catalogs | |
| Developers | View | View developers and developer organizations |
| Manage | Add, update, and delete developers and developer organizations | |
| Analytics | View | View Catalog analytics |
| Permissions | Action | Permits the user to |
|---|---|---|
| Draft APIs | View | View draft APIs |
| Edit | Edit draft APIs | |
| Organization Settings | View | View organization's configuration settings Note: A user with permission can view Roles, TLS Profiles, and User Registries.
|
| Manage | Manage organization's configuration settings Note: A user with permission can manage Roles, TLS Profiles, and User Registries.
|
|
| Catalogs | Create | Create Catalogs in the organization |
| View | View all Catalogs in the organization | |
| Manage | Manage all Catalogs in the organization | |
| Draft Products | View | View draft Products |
| Edit | Edit draft Products | |
| Organization Members | View | View organization's members |
| Manage | Manage organization's members |
| Permissions | Action | Permits the user to |
|---|---|---|
| Catalog Members | View | View Catalog members |
| Manage | Manage Catalog members | |
| Catalogs Settings | View | View the Catalog configuration settings |
| Manage | Manage the Catalog configuration settings | |
| Subscriptions | View | View subscriptions |
| Manage | Manage subscriptions | |
| API Products | Stage | Stage Products in a Catalog |
| View | View Products in a Catalog | |
| Manage | Manage Products in a Catalog | |
| Subscription Approvals | View | View subscription approvals |
| Manage | Manage subscription approvals | |
![[V5.0.7 or later]](../buildfiles/icon_v507.jpg){kind=icon} Subscription and Application Approvals |
View |
View subscription and application upgrade approvals |
| |
Manage |
Manage subscription and application upgrade approvals |
| Analytics | View | View analytics |
| Manage | Manage analytics | |
| Applications | View | View applications |
| Manage | Manage applications | |
| Developer Organizations and Developers | View | View developer organizations and developers |
| Manage | Manage developer organizations and developers | |
| Product Lifecycle Approvals | View | View Product lifecycle changes |
| Stage | Stage Products | |
| Publish | Publish Products | |
| Deprecate | Deprecate Products | |
| Retire | Retire Products | |
| Replace | Replace Products | |
| Supersede | Supersede Products | |
| Spaces | Create | Create Spaces |
| View | View Spaces | |
| Manage | Manage Spaces |
| Permissions | Action | Permits the user to |
|---|---|---|
| Space Members | View | View Space members |
| Manage | Manage Space members | |
| Space Settings | View | View the Space configuration settings |
| Manage | Manage the Space configuration settings | |
| Subscriptions | View | View subscriptions |
| Manage | Manage subscriptions | |
| API Products | Stage | Stage Products in a Space |
| View | View Products in a Space | |
| Manage | Manage Products in a Space | |
| Subscription Approvals | View | View subscription approvals |
| Manage | Manage subscription approvals | |
| Subscription and Application Approvals |
View |
View subscription and application upgrade approvals |
| |
Manage |
Manage subscription and application upgrade approvals |
| Analytics | View | View analytics |
| Manage | Manage analytics | |
| Applications | View | View applications |
| Manage | Manage applications | |
| Developer Organizations and Developers | View | View developer organizations and developers |
| Manage | Manage developer organizations and developers | |
| Product Lifecycle Approvals | View | View Product lifecycle changes |
| Stage | Stage Products | |
| Publish | Publish Products | |
| Deprecate | Deprecate Products | |
| Retire | Retire Products | |
| Replace | Replace Products | |
| Supersede | Supersede Products |
Note: In API Manager, the Organization Owner
role has full access and cannot be edited or deleted. All other roles, including custom roles, can
be deleted. If you delete a role, users lose that role. If a user loses that role, their account
remains in API Manager, enabling you to add
a role to the user at a future date.
Procedure
You can create custom roles by following the procedure:
-
If you have not previously pinned the UI navigation pane then
click the Navigate to icon
.
The API Manager UI navigation pane opens. To pin the UI navigation pane, click the Pin menu icon
. -
Click on the new role, then enter the name and description of the custom role in the
corresponding Role Name and Description text fields.
-
Click on the new role, then enter the display name, name, and description of the custom role in
the corresponding Display Name, Name and
Description text fields.
Note:
- The Display Name field can contain a maximum of 25 characters.
- The value that you enter for the Name can be used to reference the role through the CLI.
-
To delete a role, click the Delete icon alongside the required role.
Note: You can delete a role only at the provider organization level. You cannot delete a role at the Catalog level.Nor can you delete a role at the Space level.
You can, however, assign Catalog-specific permissions to the role; for details, see Creating and configuring Catalogs.
You can also assign Space-specific permissions; for details, see Managing user access in a Space; for more information on Spaces, see Using syndication in IBM API Connect.