Contact Free trial Login

Business Groups

Business groups are self-contained resource groups that contain Anypoint Platform resources such as APIs and applications. Business groups provide a way to separate and control access to Anypoint Platform resources, as users have access only to the business groups in which they have a role.

Business groups reside within the master organization and are organized in a hierarchical tree where the top-level business group is the root. Each business group you create has one direct parent and can have multiple children.

Business groups are not enabled by default in a new Anypoint Platform account. To activate business groups in your organization, contact your MuleSoft representative. There is a limit of 100 business groups per organization.

If you are an organization administrator and your organization is enabled for business group support, you can create business groups within your organization. The organization administrator is also the administrator of any business groups within the organization.

Business groups provide more fine grained control over access to resources.

organization 2b25c

Since business groups are hierarchical, the owner of a parent business group always retains administrator permissions for any child business group within that parent. The owner of a business group can create child business groups and assign another user (who has the Organization Administrators role) as an owner of those child business groups. The owner of the parent group remains an Organization Administrator within the child business group.

Conversely, owners of child business groups cannot:

  • Access or modify the parent business group or master organization settings

  • View the parent business group’s client ID and client secret

When you create a business group under another business group, only the redistributable entitlements, such as VPCs and load balancers, that were assigned to the parent business group can be allocated to the child business group.

Create a Business Group

When you create a new business group under the top-level business group, all the current users with the Organization Administrators role in the top-level business group appear in the list of users in the newly created business group.

  1. In the Anypoint Platform Access Management page, in the left menu, click Organization.

  2. Click the blue plus sign next to the organization name or any of the business groups in the tree diagram.

    organization 20885
  3. In the dialog box, enter:

    • Business Group name: Name for the new business group.

    • Owner: Assign an existing user, with the Organization Administrators role, as the business group owner.

    • Select Owner can create Business Groups to allow the owner to create child business groups under this business group.

    • Select Owner can create environments to allow the owner to create environments within this business group.

    • You can assign some or all of the redistributable resources (vCores, VPCs, and so on) that your organization owns to an individual business group. This ensures that the resources are used by the CloudHub deployments that belong to the business group. You can assign the resources when you create the business group, or edit these settings later.

    • Enable CloudHub global deployment: This option is available only if global deployment is enabled on the parent business group. When global deployment is enabled, the region is auto-populated according to the default region you specified.

    • Static IPs: This option is available only if the parent business group has static IPs assigned to it. This option enables the use of static IP addresses.

  4. Click Add Business Group.
    The business group appears in the hierarchy, under the master organization.

organization 9fa5f

Allocating redistributable resources to a business group makes those resources available only to that business group, which makes them unavailable to the parent organization.

Create a Child Business Group

You can create hierarchical levels of business groups to provide more control over access.

  1. Click the blue + icon on the left of the business group in which to create the child.

  2. In the Add Business Group dialog, enter a Business Group name and Owner, then select from these options:

    • Owner can create Business Groups: Organization administrators can create child business groups within the business group for which they are the owner.

    • Owner can create environments: Organization administrators can create environments within the business group.

    • Enable CloudHub global deployment: This option is available only if global deployment is enabled on the parent business group. When global deployment is enabled, the region is auto-populated according to the default region you specified.

    • Static IPs: This option is available only if the parent business group has static IPs assigned to it. This option enables the use of static IP addresses.

  3. Click Add Business Group.
    The business group appears in the hierarchy under the parent business group.

When your organization has multiple business groups, you can navigate between them using the menu at the top-right corner. Switching between business groups changes the list of available CloudHub deployments, APIs, users, and roles settings.

switch+suborg

When you sign into Anypoint Platform, you are returned to the business group where you were last active when you signed out of Anypoint Platform.

If you are not an organization administrator, you can view only the business groups that you have permissions to view. In the Organization tab, the tree of your organization displays only the business groups you are a member of.

Roles and Membership in Business Groups

Roles can be applied at the master organization level as well as at the business group level. However, each controls different resources. Roles and permissions assigned to a user in one particular business group are independent of the roles and permissions assigned to that same user in other business groups.

To belong to a business group, you must be granted a role within that business group. Once you are visible in a business group, you can be granted individual permissions in that business group. All users, regardless of which business groups they are in, belong to the master organization and can be assigned individual permissions in the master organization.

Members that are added to a business group can view and access the business group, but to access certain resources, you must have the appropriate roles assigned to you. For example, to access APIs and CloudHub deployments in the business group, you must be assigned roles that belong to that business group.

For example, if you have the Organization Administrators role in BusinessGroupA, you can grant users access to APIs and CloudHub deployments in BusinessGroupA.

If you also have the Organization Administrators role in BusinessGroupB, this does not mean that you can grant access to APIs and CloudHub deployments in BusinessGroupA to users in BusinessGroupB and vice versa.

Resources that belong to the master organization require roles specified at the master organization level.

Users who are assigned the Organization Administrators role in the master organization, or any business group, are automatically assigned that same role in any child business group created within that business group, so are automatically visible in the child business group. This does not apply to users who are assigned the Organization Administrators role after a child business group has been created.

Delete a Business Groups

Only an organization administrator can delete business groups. The top-level (root) business group can’t be deleted, even by an organization administrator.

  1. In Anypoint Platform Access Management, in the left menu, click Organization.

  2. Click the name of the group to delete.

  3. In the Business Group Info dialog, click Delete Business Group.

  4. In the confirmation dialog, enter the name of the business, then click Delete.

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.