Permissions

This page is constantly being updated with new examples.

This page details the resources and permissions available for access control in API Management (Sensedia Platform).

Basic Concepts

The following definitions are fundamental to understanding how permissions work in API Management (Sensedia Platform):

  • Resource: Represents a functional area of the system, such as APIs, Billing, Caches, etc.

  • Permission: A specific action allowed on the resource, such as create, delete, list, update, view, etc.

  • Role: A set of permissions assigned to a user to define their access level.

How does permissioning work in API Management?

Permissioning in API Management (Sensedia Platform) is more granular than in previous versions of API Platform 4.x. This means you can have more detailed control over the actions each user can perform on each resource. In addition to defining whether a user can view and/or edit a specific resource, you can also specify whether they can list, create, update, and/or delete resources.

Another difference compared to API Platform 4.x versions is that user, team, role, and permission management is done through Sensedia Access Control. In this module, permissioning is managed through roles, which are sets of permissions to be assigned to users. When you create a role, you define which permissions it will have for each resource and then assign that role to the users who need those permissions. You can also choose to use the default roles, which already come with predefined permissions.

To access some API Management resources (e.g., Apis), you must also grant specific permissions from add-ons such as Access Control and Analytics. See the role configuration examples below.

Below, you can check the relationship between resources and permissions in API Management (Sensedia Platform) as well as examples of role configuration in Sensedia Access Control.

Resources and their respective permissions

The table below presents all resources and their possible permissions for API Management (Sensedia Platform):

| Resource | Permissions |
|---|---|
| Access tokens | Access Token Create, Access Token List, Access Tokens Secret View, Access Token Update, Access Token View |
| Apis | API Create, API Delete, API List, API Update, API View |
| Apps | Application Create, Application Delete, Application List, Apps Secret View, Application Update, Application View |
| Billing | Billing List |
| Caches | Cache Create, Cache Delete, Cache List, Cache Update, Cache View |
| Certificates | Certificate Create, Certificate Delete, Certificate List, Certificate Update, Certificate View |
| Config | Config List, Config View |
| Connectors | Connector Create, Connector Delete, Connector List, Connector Update, Connector View |
| Deployment | Deployment Update |
| Environments | Environment Create, Environment Delete, Environment List, Environment Update, Environment View |
| Export | Export Data View |
| Gateway pools | Gateway-Pools List |
| Health checks | Health Check Create, Health Check Delete, Health Check List, Health Check Update, Health Check View |
| Import | Import Data Create |
| Inbound addresses | Inbound Address Create, Inbound Address Delete, Inbound Address List, Inbound Address Update, Inbound Address View |
| Interceptors | Interceptor Create, Interceptor Delete, Interceptor List, Interceptor Update, Interceptor View |
| OAuth config | OAuth Config Update, OAuth Config View |
| Plans | Plan Create, Plan Delete, Plan List, Plan Update, Plan View |
| Top operations | Top Operations List, Top Operations Show In Dev Portal |
| Trace | Trace List, Trace Decrypt View, Trace View |
| Contract | Read Contract, Create Contract |
| Documents | List Documents, Read Documents, Create Documents |
| Endpoints | Read Endpoints, Create Endpoints |
| Files | List Files, Create Files |
| Journey | Read Journey, Create Journey |

Role configuration examples

Example 1: Viewing the API list and their information

These are the permissions required for a user to view the API list on the API Catalog screen and also access the basic information of an API on the API Overview screen (accessed by clicking its name on the card):

| Product | Required permissions |
|---|---|
| Access Control | List Groups, List Users from Group, View Group, List Groups from User, List Users, View User |
| API Platform | API List, API View |

  • The API List permission enables access to the API Design > API Catalog screen.

  • The API View permission allows viewing the basic information of APIs and also enables contract download and access to the respective Timeline.

Example 2: Viewing request traces

With the set of permissions listed below, the user will be able to access the list of calls displayed on the Trace and Health > General Trace screen, the requests made to a specific API (on the API Trace screen), and the details of specific calls (Call Details):

| Product | Required permissions |
|---|---|
| Access Control | List Groups, List Users from Group, View Group, List Groups from User, List Users, View User |
| Analytics | General Calls View, General Trace View |
| API Platform | API List, API View, Trace List, Trace View |

  • The Trace List permission enables access to the Trace and Health > General Trace and API Trace screens, whereas the General Calls View permission allows you to view the records listed on these screens.

  • The General Trace View and Trace View permissions enable viewing the details of a specific call (Call Details).
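
The two examples above can be used as a least-privilege check on role definitions: which permissions a role still lacks for its intended use, and which it holds beyond it. This is an added example, not Sensedia code; the role layout (product mapped to a set of permission names), the use-case keys and `audit_role` are assumptions made for illustration, while the permission names come from the tables on this page.

```python
# Added example: the product -> permission-set layout below is constructed
# for illustration; it is not a Sensedia export format.
ACCESS_CONTROL_BASE = {
    "List Groups", "List Users from Group", "View Group",
    "List Groups from User", "List Users", "View User",
}

# Permission sets copied from Example 1 and Example 2 on this page.
USE_CASES = {
    "view_api_catalog": {
        "Access Control": ACCESS_CONTROL_BASE,
        "API Platform": {"API List", "API View"},
    },
    "view_request_traces": {
        "Access Control": ACCESS_CONTROL_BASE,
        "Analytics": {"General Calls View", "General Trace View"},
        "API Platform": {"API List", "API View", "Trace List", "Trace View"},
    },
}


def audit_role(role, intended):
    """Return (missing, excess) for a role versus its intended use cases."""
    required = {}
    for name in intended:
        for product, perms in USE_CASES[name].items():
            required.setdefault(product, set()).update(perms)
    products = sorted(set(required) | set(role))
    missing = {p: required.get(p, set()) - role.get(p, set()) for p in products}
    excess = {p: role.get(p, set()) - required.get(p, set()) for p in products}
    # Keep only products that have something to report.
    return ({p: s for p, s in missing.items() if s},
            {p: s for p, s in excess.items() if s})


# Constructed role: meant for trace viewing, but built without the Analytics
# add-on permissions and with two permissions the use case does not need.
trace_viewer = {
    "Access Control": set(ACCESS_CONTROL_BASE),
    "API Platform": {"API List", "API View", "Trace List", "Trace View",
                     "Trace Decrypt View", "API Delete"},
}

if __name__ == "__main__":
    missing, excess = audit_role(trace_viewer, ["view_request_traces"])
    print("missing:", missing)
    print("excess: ", excess)
```

For the constructed role, the audit reports the two Analytics permissions as missing and `Trace Decrypt View` and `API Delete` as excess.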
