Add permissions to a user role

To go through the Property Manager setup and configure API features, you first need to ensure that your Control Center user has appropriate permissions assigned in the Identity and Access Management application.

If you’re an Admin user, you may skip this task because you should already have all of the required permissions.
If a user that you want to grant access to does not exist in Control Center, you should first create a user in Identity and Access Management. For details on creating users, modifying roles, and other aspects of the Identity and Access Management application, see the Identity and Access Management documentation.

  1. Go to > ACCOUNT ADMIN > Identity & access.

  2. On the Identity and Access Management page, select the Roles tab.

  3. From the list of available roles, choose the one you want to add permissions to, and from its corresponding Action menu, select Clone role.
    Normally, each role that you may clone already contains some predefined permissions. Cloning a role may be more convenient than creating a new role from scratch because the clone inherits the already-created permissions automatically.
    The Description column explains a role’s level of access and it should help you decide which role to associate with a particular user.

  4. In the Clone a role window:

    a. In the Name field, enter a name for the new role.

    b. In the Description field, enter a description of the new role.

    c. From the Permissions list, select All Permissions.

    d. In the section on the right, select the permissions that you want to assign. Click Save.
    For the list of relevant API Gateway permissions, see API Gateway permissions.

  5. On the Identity and Access Management page, select the Users and API Clients tab.

  6. In the Client Name column, click the name of the user that you want to assign the cloned role to.

  7. In the Edit window, select the Assign roles tab.

  8. In the Assign roles tab, click the pencil icon next to the appropriate name.

  9. From the list of roles, select the role you assigned the permissions to. Click Save to assign the role with the specified permissions to the selected user.
    This user can now configure and use API Gateway features.

API Gateway permissions

The following permissions allow access to API Gateway and related features. See the description of each permission to learn about the access level it provides.

Permission

Description

Edit Access to Property Manager

Allows users to create and configure properties in Property Manager.

WAF Admin, WAF Config

Allow users to access API Definitions, view and edit endpoint and resource information, and manage API configuration versions. Allow web application firewall customers to modify API security features.

API Definitions Administrator

Allows users to access and modify delivery features, such as API privacy, JWT validation, CORS, caching, GZIP compression, or custom error responses. When a role with this permission is assigned to a user’s ACG, that user can also register API configurations with hostnames from this ACG with no base path restrictions. For more details about this relation, see Access control group (ACG) model.

API Definitions Viewer

Allows users to access and view the contents of API Definitions. When a role with this permission is assigned to a user’s ACG, that user can also view this ACG’s hostnames in the API hostnames menu on the API registration page. For more details about this relation, see Access control group (ACG) model.

API Definitions URL Path Editor

Allows users to access the contents of API Definitions. When a role with this permission is assigned to a user’s ACG, that user can also register API configurations with hostnames from this ACG, providing the associated base path is non-blank and doesn’t start with a wildcard (*) or a path parameter.

API Definitions Read/Write

Allows users to view and edit API configurations in API Definitions. When a role with this permission is assigned to a user’s ACG, that user can also register API configurations with hostnames from this ACG with no base path restrictions. For more details about this relation, see Access control group (ACG) model.

Botman Feature, Botman Config

For Bot Manager customers, allow users to access and modify resource purpose settings.


Did this page help you?