Monday, May 15, 2017

#571 API Platform CS roles and grants

API Platform CS Roles

Here are the roles  -

You can check out the ORCL docs pertaining to roles here

Administrator - the superuser, includes all other roles.
Manages platform settings.
I login to the API platform Mgt console
as my admin user - cathal - and see the following options -

Let's look at the platform settings -

API Manager - manages API lifecycle and who gets access to
the APIs. She can also monitor API performance.
I login to the API platform Mgt console
as my manager user - unclePaudge - and see the following options -

Application Developer - discover and register their interest in
using APIs. She interfaces with the API Platform Developer Portal.
I login to the API platform Developer Portal
as my appDev user - jimmy - and see the following options -

Gateway Manager - Install and manage gateways.
May also manage API deployments to her gateway.
I login to the API platformMgt Console
as my gateway mgr user - pat - and see the following options -

According to the above, looks like pat doesn't have any gateways to manage.
However, I do have one created, so I can login as the user who created that and give pat access.

All I need to do is click on Add Grantee.

Gateway Runtime a service account used to communicate from the gateway to the mgt portal.

API Platform Management Console Grants 

Deployments -

Here is a simple example of roles and grants.

I create a new API - NiallCStockQuoteService based on google finance service.
I do this as the API Mgr user - unclePaudge.

So, OOTB, the API Mgr user does not have access to the Gateway.

I could login as the Gateway manager and give permissions to unclePaudge, or else
just deploy.

So now I log in as the gateway Mgr, pat.

He does not see the API -

So, what do I need to do now?
The API Mgr needs to grant pat access to the API.

He could grant the global - Manage API permission or the fine grained
Deploy API permission.

Let's go for the latter -

I now log back in as the gateway manager - pat.
Now he can select the API and deploy it.

Other API related Grants

Note the Register and Request Registration grants.
The former allows developers to register and use the APIs published to Developer Portal,
whereas the latter, requires final approval from the API Manager.

To demo this, let's deploy the API to the Developer Portal -

I now login to the Developer Portal as jimmy.

I do not see any APIs OOTB.

I now return to the Management Console and grant the following role to jimmy.

Back in the Developer Portal - jimmy now sees the API.

but he cannot register to use it.

Let's also grant him - Request Registration.

Back in the Developer Portal and jimmy now sees the Register button.

jimmy registers his interest in the API.

Back in the API Platform Management Console, unclePaudge can now approve
jimmy's request.

unclePaudge can approve, and quelle surprise, it is now registered -


No comments: