This documentation is for WSO2 API Manager 1.4.0 View documentation for the latest release.
User Roles in API Manager - API Manager 1.4.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

User management capability is available by default in all WSO2 products. WSO2 API Manager allows you to manage user accounts and roles at different levels. You can log in to the Management Console of the API Manager as an admin user, and create custom roles with different levels of permission. These roles can then be assigned to different users according to your requirement.  

We have identified three distinct community roles, which are typically used in many organizational situations, when carrying out different operations in the API Publisher and API Store. They are as follows:

  • creator: A creator is typically a person in a technical role who understands the technical aspects of the API (interfaces, documentation, versions, how it is exposed by API gateway) and uses the API Publisher Web application to develop and provision APIs into the API store. The creator uses the API store to consult ratings and feedback provided by API users. Creator can add APIs to the store but cannot manage their life cycles (that is, make them visible to the outside world).
  • publisher: A publisher is typically a person in a managerial role and overlooks a set of APIs across the enterprise or a business unit, and controls the API lifecycle and monetization aspects. The publisher also analyzes usage patterns for APIs and has access to all API statistics.
  • consumer : A consumer is typically an anonymous user or an application developer who searches the API store to discover APIs and use them. He/she reads the documentation,  forums, rates/comments on APIs.
We have identified the three roles above as common in many organizational situations. They are used throughout this documentation. However, you can also define different user roles depending on your unique requirements.

Administrators of the API Manager can use the Management Console UI to add user roles. Roles contain different levels of permissions to manage the Server. You can create different roles with various combinations of permissions. Follow the instructions below to create the creator, publisher and subscriber roles.

Creating User Roles

1. Log on to the Management Console and select Users and Roles under the Configure menu. For instructions on accessing the Management Console, refer to section  Running the Product .

2. In the User Management window that appears, click  Roles. 

3. In the Roles window, click on the Add New Role link.

Adding the creator role

4. Add user roles as creator and click Next. 

5. Give the following privileges to the creator role. You can select them from the list of permissions that appears.

  • Configure > Governance and all underlying permissions.
  • Login
  • Manage > API > Create
  • Manage > Resources > Govern and all underlying permissions.

  

Any user with the above permissions assigned is able to create, update and manage APIs using the API Publisher Web interface.

6. Click Finish once you are done adding permission. The role will be listed in the Roles window as follows:


From here, you can rename, edit, delete or assign users to the role.

Adding the publisher role

7. In the Add Role window, add user role as publisher and click Next. 

8. Give the following privileges to the publisher role by selecting them from the list of permissions that appears.

  • Login
  • Manage > API > Publish


 

Any user with the above permissions assigned is able to manage the API's life cycle using the API Publisher Web interface.

9. Click Finish once you are done adding permission. The role will be listed in the Roles window as follows:


From here, you can rename, edit, delete or assign users to the role.

The default subscriber role  

When you first log in to the Management Console, you can see the subscriber role already there, defined out of the box. The reason is because API Manager assigns this default subscriber role to all users who self-register to the API Store. 

Follow the instructions below, if you wish to create a different role with the same permission levels.

10. In the Add Role window, add a suitable name for the role and click Next. For example,


11. Give the following privileges to the new role.

  • Login
  • Manage > API > Subscribe

Any user with the above permissions assigned is able to log in to the API Store and perform operations on the published APIs.

12. Click Finish once you are done adding permission. The role will be listed in the Roles window.

13. Open <APIM_HOME>/repository/conf/api-manager.xml file and edit the <SelfSignUp> element to reflect the newly added role. For example,

<SelfSignUp>
     <Enabled>true</Enabled>
     <SubscriberRoleName>NewSubscriber</SubscriberRoleName>
     <CreateSubscriberRole>true</CreateSubscriberRole>
</SelfSignUp>

Editing this file ensures that all users who self-sign-up to API Store are automatically assigned the NewSubscriber role.

Info

The <CreateSubscriberRole> parameter specifies whether the subscriber role should be created in the local user store or not. It is only used when the API subscribers are authenticated against the local user store. That means the local Carbon server is acting as the AuthManager.

Set this parameter to false if a remote Carbon server acts as the AuthManager.

  • No labels