Permissions
This page is constantly being updated with new examples.
This page details the resources and permissions available for access control in API Management (Sensedia Platform).
Basic Concepts
The following definitions are fundamental to understanding how permissions work in API Management (Sensedia Platform):
- Resource: Represents a functional area of the system, such as APIs, Billing, Caches, etc.
- Permission: A specific action allowed on the resource, such as create, delete, list, update, view, etc.
- Role: A set of permissions assigned to a user to define their access level.
How does permissioning work in API Management?
Permissioning in API Management (Sensedia Platform) is more granular than in previous versions of API Platform 4.x. This means you can have more detailed control over the actions each user can perform on each resource. In addition to defining whether a user can view and/or edit a specific resource, you can also specify whether they can list, create, update, and/or delete resources.
Another difference compared to API Platform 4.x versions is that user, team, role, and permission management is done through Sensedia Access Control. In this module, permissioning is managed through roles, which are sets of permissions to be assigned to users. When you create a role, you define which permissions it will have for each resource and then assign that role to the users who need those permissions. You can also choose to use the default roles, which already come with predefined permissions.
To access some API Management resources (e.g., Apis), you will also need to grant specific permissions from add-ons such as Access Control and Analytics. See the role configuration examples.
Below, you can check the relationship between resources and permissions in API Management (Sensedia Platform) as well as examples of role configuration in Sensedia Access Control.
Resources and their respective permissions
The table below presents all resources and their possible permissions for API Management (Sensedia Platform):
Resource | Permission |
---|---|
Access tokens | Access Token Create, Access Token List, Access Tokens Secret View, Access Token Update, Access Token View |
Apis | API Create, API Delete, API List, API Update, API View |
Apps | Application Create, Application Delete, Application List, Apps Secret View, Application Update, Application View |
Billing | Billing List |
Caches | Cache Create, Cache Delete, Cache List, Cache Update, Cache View |
Certificates | Certificate Create, Certificate Delete, Certificate List, Certificate Update, Certificate View |
Config | Config List, Config View |
Connectors | Connector Create, Connector Delete, Connector List, Connector Update, Connector View |
Deployment | Deployment Update |
Environments | Environment Create, Environment Delete, Environment List, Environment Update, Environment View |
Export | Export Data View |
Gateway pools | Gateway-Pools List |
Health checks | Health Check Create, Health Check Delete, Health Check List, Health Check Update, Health Check View |
Import | Import Data Create |
Inbound addresses | Inbound Address Create, Inbound Address Delete, Inbound Address List, Inbound Address Update, Inbound Address View |
Interceptors | Interceptor Create, Interceptor Delete, Interceptor List, Interceptor Update, Interceptor View |
OAuth config | OAuth Config Update, OAuth Config View |
Plans | Plan Create, Plan Delete, Plan List, Plan Update, Plan View |
Top operations | Top Operations List, Top Operations Show In Dev Portal |
Trace | Trace List, Trace Decrypt View, Trace View |
Contract | Read Contract, Create Contract |
Documents | List Documents, Read Documents, Create Documents |
Endpoints | Read Endpoints, Create Endpoints |
Files | List Files, Create Files |
Journey | Read Journey, Create Journey |
Role configuration examples
Example 1: Viewing the API list and their information
These are the permissions required for a user to view the API list on the API Catalog screen and also access the basic information of an API on the API Overview screen (accessed by clicking its name on the card):
Product | Required permissions |
---|---|
Access Control | List Groups, List Users from Group, View Group, List Groups from User, List Users, View User |
API Platform | API List, API View |
Example 2: Viewing request traces
With the set of permissions listed below, the user will be able to access the list of calls displayed on the screen, the requests made to a specific API (on the API Trace screen), and the details of specific calls (Call Details):
Product | Required permissions |
---|---|
Access Control | List Groups, List Users from Group, View Group, List Groups from User, List Users, View User |
Analytics | General Calls View, General Trace View |
API Platform | API List, API View, Trace List, Trace View |
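The two role configurations above can be checked mechanically before a role is assigned. The following is an added example, not Sensedia code: it compares a role's permissions with the two examples on this page, reports add-on permissions that are missing, and lists permissions held beyond the use case. The role dictionaries, the function names and the high-impact name patterns are assumptions made for illustration.

```python
# Added example: permission names are copied from the tables on this page;
# the role dictionaries below are constructed samples, not real Access Control exports.
AC_BASE = {"List Groups", "List Users from Group", "View Group",
           "List Groups from User", "List Users", "View User"}
USE_CASES = {
    "view-api-list": {"Access Control": AC_BASE,
                      "API Platform": {"API List", "API View"}},
    "view-traces": {"Access Control": AC_BASE,
                    "Analytics": {"General Calls View", "General Trace View"},
                    "API Platform": {"API List", "API View", "Trace List", "Trace View"}},
}
# Assumption: treating these name patterns as high-impact is a reviewer's choice, not the page's.
HIGH_IMPACT = ("Secret View", "Decrypt", "Delete")

def missing_for(role, use_case):
    """Permissions the role still lacks for a use case, grouped by product."""
    gaps = {p: sorted(needed - role.get(p, set()))
            for p, needed in USE_CASES[use_case].items()}
    return {p: perms for p, perms in gaps.items() if perms}

def excess_for(role, use_cases):
    """Permissions the role holds beyond what the listed use cases require."""
    allowed = {}
    for name in use_cases:
        for product, needed in USE_CASES[name].items():
            allowed.setdefault(product, set()).update(needed)
    extra = {p: sorted(held - allowed.get(p, set())) for p, held in role.items()}
    return {p: perms for p, perms in extra.items() if perms}

def high_impact(role):
    """Held permissions whose names match a high-impact pattern."""
    return sorted(perm for held in role.values() for perm in held
                  if any(marker in perm for marker in HIGH_IMPACT))

# Constructed role 1: API Platform permissions only, add-on permissions forgotten.
platform_only = {"API Platform": {"API List", "API View", "Trace List", "Trace View"}}
# Constructed role 2: intended as a trace viewer but over-provisioned.
broad_viewer = {"Access Control": set(AC_BASE),
                "Analytics": {"General Calls View", "General Trace View"},
                "API Platform": {"API List", "API View", "Trace List", "Trace View",
                                 "Trace Decrypt View", "API Delete"}}

if __name__ == "__main__":
    print("platform_only lacks:", missing_for(platform_only, "view-traces"))
    print("broad_viewer excess:", excess_for(broad_viewer, ["view-traces"]))
    print("broad_viewer high-impact:", high_impact(broad_viewer))
```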