The IBM® API
Connect solution provides an infrastructure, tools, and facilities that allows users to create, manage, and stage APIs. The ability to perform tasks in the IBM API
Connect user interfaces is controlled through user roles, and the permissions that are assigned to those roles.
The roles described here are the default API Connect roles. In the API Manager user interface, you can create
custom roles; for more information, see:
Creating custom roles. You can also create custom roles in the Developer Portal user interface;
for more information, see Working with roles in the Developer Portal.
The following sections describe the roles and permissions for each of the
IBM API
Connect user interfaces:
User roles and permissions in the Cloud Manager UI
The following table describes the
Cloud Manager
UI user permissions.
Table 1. Cloud Manager UI
permissions
Permission |
Action |
Meaning |
Analytics |
View |
View the cloud analytics data |
Services |
View |
View management and gateway services and servers |
|
Edit |
Add, edit, and delete management and gateway services and servers |
Organizations |
View |
View provider organizations |
|
Edit |
Add, update, and delete provider organizations and their owners |
Users |
View |
View Cloud Manager users |
|
Edit |
Add, update, and delete Cloud Manager users |
TLS Profiles |
View |
View SSL identities |
|
Edit |
Add, update, and delete SSL identities |
User Registries |
View |
View user registries |
|
Edit |
Add. update, and delete user registries |
Settings |
View |
View the cloud settings |
|
Edit |
Edit the cloud settings |
The following table lists the various
Cloud Manager UI roles, and the permissions assigned
to them.
Table 2. Cloud Manager UI roles
Role |
Permissions |
Actions |
Cloud Owner |
All permissions |
All actions |
Cloud Administrator |
Analytics |
View |
|
Services |
View, Manage |
|
Users |
View, Manage |
|
TLS Profiles |
View, Manage |
|
User Registries |
View, Manage |
|
Settings |
View, Manage |
Organization Manager |
Organizations |
View, Manage |
Topology Administrator |
Analytics |
View |
|
Services |
View, Manage |
|
TLS Profiles |
View, Manage |
|
User Registries |
View, Manage |
|
Settings |
View, Manage |
Note: An additional role, System, provides all permissions for the Cloud Manager user interface and, in addition,
provides REST access to all APIs but not to the API Manager or Developer Portal user interface
themselves.
User roles and permissions in the API Manager UI
The following tables describe the API Manager UI user permissions.
Table 3. API Manager UI permissions
Permission |
Action |
Meaning |
Roles |
View |
View the roles editing page |
|
Edit |
Create, edit, and delete roles in the roles editing page |
Users |
View |
View organization users |
|
Edit |
Add, update, and delete organization users |
TLS Profiles |
View |
View SSL Identities |
|
Edit |
Create, edit, and delete SSL Identities |
User Registries |
View |
View user registries |
|
Edit |
Create, edit, and delete user registries |
Draft APIs |
View |
View draft APIs |
|
Edit |
Create, update, and delete draft APIs |
Draft Products |
View |
View Products |
|
Edit |
Create, update, and delete draft Products |
Subscriptions |
View |
View Plan subscriptions |
|
Approve |
Approve Plan subscriptions |
Catalog Administration |
View |
View Catalogs |
|
Edit |
Create, edit, and delete Catalogs |
Developers |
View |
View developers and developer organizations |
|
Manage |
Add, update, and delete developers and developer organizations |
Analytics |
View |
View Catalog analytics |
A user with Roles permission can change the permission assignments, and can create custom roles; for more information, see
Creating custom roles.
Table 4. Default API Manager UI roles and the default permissions assigned to those roles.
Role |
Permissions |
Actions |
Owner |
All permissions |
All actions |
Administrator |
All permissions |
All actions |
Product Manager |
Users |
View |
|
TLS Profiles |
View |
|
User Registries |
View |
|
Draft APIs |
View, Edit |
|
Draft Products |
View, Edit |
|
Subscriptions |
View, Approve |
|
Catalog Administration |
View |
|
Developers |
View, Manage |
|
Analytics |
View |
API Developer |
Users |
View |
|
TLS Profiles |
View |
|
User Registries |
View |
|
Draft APIs |
View, Edit |
|
Draft Products |
View, Edit |
|
Subscriptions |
View |
|
Analytics |
View |
Publisher |
Users |
View |
|
TLS Profiles |
View |
|
User Registries |
View |
|
Draft APIs |
View |
|
Draft Products |
View |
|
Subscriptions |
View, Approve |
|
Catalog Administration |
View, Edit |
|
Developers |
View |
|
Analytics |
View |
Note: In API Manager, the Owner role has full access and cannot be edited or deleted. All other roles, including custom roles, can be deleted. If you delete a role, users lose that role. If a user loses that role, their account remains in API Manager, enabling you to add a role to the user at a future date.
Table 5. Organization permissions
Permissions |
Action |
Permits the member to |
Draft APIs |
View |
View draft APIs |
|
Edit |
Edit draft APIs |
Organization Settings |
View |
View organization's configuration settings, including roles, TLS profiles, and user registries |
|
Manage |
Manage organization's configuration settings, including roles, TLS profiles, and user registries |
Catalogs |
Create |
Create Catalogs in the organization; the creator of a Catalog owns that Catalog and has full
administration permissions, including deletion of the Catalog |
|
View |
View all Catalogs in the organization |
|
Manage |
Manage all Catalogs in the organization; this includes permission to delete any
Catalog |
Draft Products |
View |
View draft Products |
|
Edit |
Edit draft Products |
Organization Members |
View |
View organization's members |
|
Manage |
Manage organization's members |
A user with Organization Settings > Manage permission can change the permission assignments, and can create custom roles; for more information, see Creating custom roles.
Table 6. Catalog permissions
Permissions |
Action |
Permits the member to |
Catalog Members |
View |
View Catalog members |
|
Manage |
Manage Catalog members |
Catalogs Settings |
View |
View the Catalog's configuration settings, including policies and OpenAPI (Swagger 2.0) extensions |
|
Manage |
Manage the Catalog's configuration settings, including policies and OpenAPI (Swagger 2.0) extensions |
Subscriptions |
View |
View subscriptions |
|
Manage |
Manage subscriptions |
API Products |
Stage |
Stage Products in a Catalog |
|
View |
View Products in a Catalog |
|
Manage |
Manage Products in a Catalog |
Subscription Approvals |
View |
View subscription approvals |
|
Manage |
Manage subscription approvals |
Subscription and Application Approvals |
View |
View subscription and application upgrade approvals |
|
Manage |
Manage subscription and application upgrade approvals |
Analytics |
View |
View analytics |
|
Manage |
Manage analytics |
Applications |
View |
View applications |
|
Manage |
Manage applications |
Developer Organizations and Developers |
View |
View developer organizations and developers |
|
Manage |
Manage developer organizations and developers |
Product Lifecycle Approvals |
View |
View Product lifecycle changes |
|
Stage |
Stage Products |
|
Publish |
Publish Products |
|
Deprecate |
Deprecate Products |
|
Retire |
Retire Products |
|
Replace |
Replace Products |
|
Supersede |
Supersede Products |
Spaces |
Create |
Create Spaces |
|
View |
View Spaces |
|
Manage |
Manage Spaces |
Table 7. Space permissions
Permissions |
Action |
Permits the member to |
Space Members |
View |
View Space members |
|
Manage |
Manage Spaces members |
Spaces Settings |
View |
View the Space configuration settings |
|
Manage |
Manage the Space configuration settings |
Subscriptions |
View |
View subscriptions |
|
Manage |
Manage subscriptions |
API Products |
Stage |
Stage Products in a Space |
|
View |
View Products in a Space |
|
Manage |
Manage Products in a Space |
Subscription Approvals |
View |
View subscription approvals |
|
Manage |
Manage subscription approvals |
Subscription and Application Approvals |
View |
View subscription and application upgrade approvals |
|
Manage |
Manage subscription and application upgrade approvals |
Analytics |
View |
View analytics |
|
Manage |
Manage analytics |
Applications |
View |
View applications |
|
Manage |
Manage applications |
Developer Organizations and Developers |
View |
View developer organizations and developers |
|
Manage |
Manage developer organizations and developers |
Product Lifecycle Approvals |
View |
View Product lifecycle changes |
|
Stage |
Stage Products |
|
Publish |
Publish Products |
|
Deprecate |
Deprecate Products |
|
Retire |
Retire Products |
|
Replace |
Replace Products |
|
Supersede |
Supersede Products |
Table 8. Default API Manager UI roles and the default permissions assigned to those roles.
Role |
Component |
Permissions |
Actions |
Organization Owner |
All |
All permissions |
All actions |
Catalog Owner |
All |
All permissions |
All actions |
Space Owner |
All |
All permissions |
All actions |
Administrator |
All |
All permissions |
All actions |
Product Manager |
Organization |
Draft APIs |
View, Edit |
|
|
Organization Settings |
View |
|
|
Catalogs |
View |
|
|
Draft Products |
View, Edit |
|
|
Organization Members |
View |
|
Catalog |
Catalog Members |
View |
|
|
Catalog Settings |
View |
|
|
Subscriptions |
View, Manage |
|
|
API Products |
View |
|
|
Subscription Approvals |
View, Manage |
|
|
Subscription and Application Approvals |
View, Manage |
|
|
Analytics |
View, Manage |
|
|
Applications |
View, Manage |
|
|
Developer Organizations and Developers |
View, Manage |
|
|
Product Lifecycle Approvals |
View |
|
|
Spaces |
None |
|
Space |
Space Members |
View |
|
|
Spaces Settings |
View |
|
|
Subscriptions |
View, Manage |
|
|
API Products |
View |
|
|
Subscription Approvals |
View, Manage |
|
|
Subscription and Application Approvals |
View, Manage |
|
|
Analytics |
View, Manage |
|
|
Applications |
View, Manage |
|
|
Developer Organizations and Developers |
View, Manage |
|
|
Product Lifecycle Approvals |
View |
API Developer |
Organization |
Draft APIs |
View, Edit |
|
|
Organization Settings |
View |
|
|
Catalogs |
Create, View |
|
|
Draft Products |
View, Edit |
|
|
Organization Members |
View |
|
Catalog |
Catalog Members |
View |
|
|
Catalog Settings |
View |
|
|
Subscriptions |
View |
|
|
API Products |
Stage, View, Manage |
|
|
Subscription Approvals |
View |
|
|
Subscription and Application Approvals |
View |
|
|
Analytics |
View |
|
|
Applications |
View |
|
|
Developer Organizations and Developers |
View |
|
|
Product Lifecycle Approvals |
View |
|
|
Spaces |
None |
|
Space |
Space Members |
View |
|
|
Spaces Settings |
View |
|
|
Subscriptions |
View |
|
|
API Products |
Stage, View, Manage |
|
|
Subscription Approvals |
View |
|
|
Subscription and Application Approvals |
View |
|
|
Analytics |
View |
|
|
Applications |
View |
|
|
Developer Organizations and Developers |
View |
|
|
Product Lifecycle Approvals |
View |
API Administrator |
Organization |
Draft APIs |
View |
|
|
Organization Settings |
View |
|
|
Catalogs |
Create, View |
|
|
Draft Products |
View |
|
|
Organization Members |
View |
|
Catalog |
Catalog Members |
View, Manage |
|
|
Catalog Settings |
View, Manage |
|
|
Subscriptions |
View, Manage |
|
|
API Products |
Stage, View, Manage |
|
|
Subscription Approvals |
View, Manage |
|
|
Subscription and Application Approvals |
View, Manage |
|
|
Analytics |
View, Manage |
|
|
Applications |
View, Manage |
|
|
Developer Organizations and Developers |
View |
|
|
Product Lifecycle Approvals |
View, Stage, Publish, Deprecate, Retire, Replace, Supersede |
|
|
Spaces |
None |
|
Space |
Space Members |
View |
|
|
Spaces Settings |
View |
|
|
Subscriptions |
View |
|
|
API Products |
Stage, View, Manage |
|
|
Subscription Approvals |
View |
|
|
Subscription and Application Approvals |
View |
|
|
Analytics |
View |
|
|
Applications |
View |
|
|
Developer Organizations and Developers |
View |
|
|
Product Lifecycle Approvals |
View |
Note: In API Manager, the Organization Owner role has full access and cannot be edited or deleted. All other roles, including custom roles, can be deleted. If you delete a role, users lose that role. If a user loses that role, their account remains in API Manager, enabling you to add a role to the user at a future date.
User roles in the Developer Portal UI
The following table describes the various
Developer Portal UI roles that relate to working with APIs and applications. In addition, you can create custom roles for the
Developer Portal site itself; for more information, see
Working with roles in the Developer Portal.
Table 9. Developer Portal UI roles
Role |
Tasks that can be performed |
Developer Organization Owner |
- Invite other users to join the developer organization
- Change the developer organization name
- View and create applications
- View Products and APIs
- View subscriptions and subscribe to use APIs
- Use the Developer Portal test tool
- Enter your credit card transaction processing information to receive payments
for subscription plans.
|
App Developer |
- View and create applications
- View Products and APIs
- View subscriptions and subscribe to use APIs
- Use the Developer Portal test tool
|
Viewer |
- View applications
- View Products and APIs
- View subscriptions
- Use the Developer Portal test tool
|
Note: A user called admin is created automatically, that has full administrator access to the Developer Portal site. The admin user can view Products and APIs but has no access to use APIs. The admin user assumes the email address of the owner of the provider organization associated with the Developer Portal.