Identity and Access Management concepts

To understand this API's various URL resources and the data they exchange, you need to familiarize yourself with these concepts:

  • Group: Groups are organizational containers for the objects you use in Control Center. Groups can contain other groups, primary objects like properties, and secondary objects like edge hostnames or CP codes. Groups are organized as a nested tree structure that cascades permissions. You can move a nested group to another position within the tree structure, but that may affect users' access to the objects it contains due to cascading permissions.

  • Asset: A term covering both properties and includes created in Property Manager.

    • Property: A configuration file specifying how Akamai serves your web content. The Property Manager API (PAPI) allows you to manage property configurations and assign them to groups when you first create them.
    • Blocked Property: Administrators can block a user's access to any property, overriding any available role already assigned to a user to further restrict access.
    • Includes: Includes are snippets of a property configuration that let you reuse common settings in different properties or delegate the management of a portion of business rules to responsible application teams. To learn more, see Includes and Manage access to properties and includes.

  • Users: A user is a person with access to Control Center.

  • Profile: A profile refers to a user's information such as address and personal phone number. Users can edit their own profiles, but only administrators can edit profiles belonging to other users. Users can't disable their two-factor authentication (TFA) settings if the account they belong to has TFA enabled by default.

  • Administrators: Administrators are a subset of users with additional permissions. They can have different levels of access, like API provisioning, moving groups or properties, creating new users, or modifying existing ones. Response data may be redacted based on your access rights if you're a lower-level administrator.

  • Common Resources: This refers to commonly accessible read-only information that may apply across all users on an account. It includes locale, security policies, and the set of available products. The API provides a different set of common resource operations for access by administrators and for other users.

  • Notification: Users configure email notifications for reminders to rotate passwords, or to learn about maintenance issues for each product.

  • Role: Roles contain permissions that are explicitly tied to both a user and a group. You can assign a user one role per group. It's the combination of user, role, and group that grants a user access to the objects they need. Roles may restrict access to a limited set of a group's resources.

  • Grantable Role: These contain certain Akamai-defined atomic permissions that, when grouped together, give you access to applications and resources. The permissions included in a grantable role depend on what products are available on your contract. Use the Contract API for information on the products associated with your contract.
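
As an added illustration (not part of the Akamai documentation or the API itself), this Python sketch models how the Group, Blocked Property, and Role concepts above combine: a role assigned on a group cascades to nested groups, a block overrides it, and moving a group changes who can reach its properties. The class, group and user names, sample data, and the rule that the nearest assigned group wins are assumptions made for this example.

```python
# Simplified model of the concepts above (an assumption, not Akamai's implementation).
class AccessModel:
    def __init__(self):
        self.parent = {}        # group -> parent group (None for the root)
        self.prop_group = {}    # property -> group that contains it
        self.roles = {}         # (user, group) -> role: one role per user per group
        self.blocked = set()    # (user, property) pairs blocked by an administrator

    def ancestors(self, group):
        """Yield the group, then each enclosing group up to the root."""
        while group is not None:
            yield group
            group = self.parent[group]

    def move_group(self, group, new_parent):
        """Re-parent a nested group; refuse moves that would create a cycle."""
        if group in self.ancestors(new_parent):
            raise ValueError("cannot move a group beneath itself")
        self.parent[group] = new_parent

    def effective_role(self, user, prop):
        """Role the user holds on a property, or None if there is no access."""
        if (user, prop) in self.blocked:      # a block overrides any assigned role
            return None
        for group in self.ancestors(self.prop_group[prop]):
            role = self.roles.get((user, group))
            if role is not None:              # assumption: nearest assignment wins
                return role
        return None


def demo():
    m = AccessModel()
    # Constructed sample data: Top > Web > Shop, and Top > Archive
    m.parent = {"Top": None, "Web": "Top", "Shop": "Web", "Archive": "Top"}
    m.prop_group = {"shop.example.com": "Shop", "www.example.com": "Web"}
    m.roles[("alice", "Web")] = "Editor"
    before = m.effective_role("alice", "shop.example.com")   # inherited from Web
    m.blocked.add(("alice", "www.example.com"))
    blocked = m.effective_role("alice", "www.example.com")   # block beats the role
    m.move_group("Shop", "Archive")                          # Shop leaves the Web subtree
    after = m.effective_role("alice", "shop.example.com")
    return before, blocked, after


if __name__ == "__main__":
    print(demo())
```

Running the same comparison before and after a planned group move is a quick way to review which users would lose or gain access through cascading permissions.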