
Roles

Assumptions

This page assumes that you have an Organization Administrator role in your organization, or that you have API Versions Owner permissions and want to manage user permissions for your API version.

Overview

A role within the Anypoint Platform is a set of pre-defined permissions for each different product within the Platform.
Depending on the product, you can find pre-defined roles with their standard permissions, or you can customize your own permissions for each role.

The Access Management section grants you a space in which you can create Roles for the products to which you own the appropriate entitlements.

Default Roles

These are the default roles available in every new organization and business group when first created:

Role Name Description

API Creators

Create and manage API versions in the Anypoint Platform for APIs.
Members of the API Creator role have the ability to add new APIs to the platform on the API administration page.
This role grants no permissions on Runtime Manager.

Portals Viewer

Portal Viewers can see a list of the Private API Portals to which they have Portal Viewer permissions from the Developer Portal. They can also click to view those API Portals.
Note that the ability to view an API Portal does not automatically give a user access to the API. Also note that you cannot grant Portal Viewer permissions unless the API has an API Portal.

API Versions Owner

API Versions Owners can view specific versions of the API that they own.
They inherit Portal Viewer permissions by default for any API Portal that you create for the API versions they own.

Audit Log Viewers

Users with this role have access to the UI for the Audit Log under Access Management.

Cloudhub Admin

Access to all Runtime Manager functionality.

Cloudhub Developer

Access to all Runtime Manager functionality, except organization and billing settings.

Cloudhub Support

Read-only access to dashboards, notifications, alerts, logs, and their user settings.

Organization Administrators

Editing access to all versions of all APIs, all registered applications, and all API Portals in the Anypoint Platform. Access to the Organization Administration page, where they can add and manage users and roles, view and edit organization details, access the client ID and client secret for the organization, and customize the theme of the Developer Portal.
Members of the Organization Administrator role also inherit the role of API Creator by default.

Exchange Administrators

Approve Exchange artifacts that the contributor creates so that the artifact can be published in Exchange.

Exchange Contributors

Contribute Exchange artifacts.

Exchange Viewers

View Exchange artifacts.

If you click a role, you can edit it, change its name or description, and add users to it or remove users from it.

Organization Owner

The user who first signs up for the Anypoint Platform organization is known as the Organization Owner. This is not a role but an identifier for this single user, who inherits the Organization Administrator role by default.

When the Organization Owner creates a business group, they must assign a user as its owner. This user holds an Administrator role within that business group by default.

Permission Scopes for Default Roles

Each default role in Anypoint Platform holds pre-defined permissions. The scope of those permissions determines which actions a user holding the role can perform within the platform:

Role Scope

Organization Administrators

  • Edit Developer portal theme settings

  • Request API access terms & conditions

  • Edit Portal Terms and Conditions

  • Set Custom Policies

  • Manage access of third party applications to an API (Specific to the Organization Administrator of the Master Business Group)

  • Edit users email address

  • Grant VPC and CloudHub dedicated Load Balancer permissions

API Creators

  • Create/Import an API Version

API Versions Owner

  • Manage any API Version in the organization

  • Delete any API Version in the organization

  • Deprecate any API Version in the organization

  • Edit the Portal of any API version in the organization

Portals Viewer

  • View API Portal

Audit Log Viewers

Cloudhub Admin

  • Create Applications

  • Delete Applications

  • Download Applications

  • Manage Alerts

  • Manage Application Data

  • Manage Queues

  • Manage Schedules

  • Manage Servers

  • Manage Settings

  • Read Applications

  • Read Servers

Cloudhub Developer

  • Create Applications

  • Download Applications

  • Manage Alerts

  • Manage Application Data

  • Manage Queues

  • Manage Schedules

  • Manage Settings

  • Read Applications

  • Read Servers

Cloudhub Support

  • Read Applications

Exchange Administrators

  • Create content

  • Manage any content

  • Manage assets

  • Publish/Unpublish content

  • Manage Search terms

  • Manage Content types visibility

Exchange Contributors

  • Create content

  • Manage own content

Exchange Viewers

  • Visualize Exchange Assets

  • Manage own reviews - Add/Edit/Delete
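
The scopes listed above can be used to pick the narrowest default role for a task. The following is an added example, not part of the original documentation: it copies the three Runtime Manager role scopes from the table and ranks the roles that cover a required set of actions by how many unused scopes they would also grant. The function names are illustrative.

```python
# Scopes copied from the "Permission Scopes for Default Roles" table above
# (Runtime Manager roles only).
ROLE_SCOPES = {
    "Cloudhub Admin": {
        "Create Applications", "Delete Applications", "Download Applications",
        "Manage Alerts", "Manage Application Data", "Manage Queues",
        "Manage Schedules", "Manage Servers", "Manage Settings",
        "Read Applications", "Read Servers",
    },
    "Cloudhub Developer": {
        "Create Applications", "Download Applications", "Manage Alerts",
        "Manage Application Data", "Manage Queues", "Manage Schedules",
        "Manage Settings", "Read Applications", "Read Servers",
    },
    "Cloudhub Support": {"Read Applications"},
}


def least_privileged_roles(needed):
    """Return (role, unused_scopes) for roles covering `needed`, narrowest first."""
    needed = set(needed)
    unknown = needed - set().union(*ROLE_SCOPES.values())
    if unknown:
        # A typo in a scope name must not silently match no role.
        raise ValueError(f"not a listed scope: {sorted(unknown)}")
    fits = [(role, sorted(scopes - needed))
            for role, scopes in ROLE_SCOPES.items() if needed <= scopes]
    # Fewest unused scopes first; role name breaks ties deterministically.
    return sorted(fits, key=lambda item: (len(item[1]), item[0]))


def scope_delta(role_a, role_b):
    """Scopes that role_a grants and role_b does not."""
    return sorted(ROLE_SCOPES[role_a] - ROLE_SCOPES[role_b])


if __name__ == "__main__":
    for role, unused in least_privileged_roles({"Manage Alerts", "Read Servers"}):
        print(f"{role}: {len(unused)} unused scopes")
    print("Admin beyond Developer:", scope_delta("Cloudhub Admin", "Cloudhub Developer"))
```
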

Managing Roles

To access the Roles menu, first make sure you’re in the correct business group (by clicking the menu next to your username on the top-right of the screen), then click the appropriate link in the left menu.


Creating Custom Roles

As an organization administrator, you can create custom roles by combining API resources, permissions, and users.

  1. Click the Roles tab in the left navigation of your Organization Administration page.

  2. Click Add role.

  3. Enter a Name and Description for your custom role.

  4. Your custom role now appears in your list of roles. Click the name of your new role to assign permissions to it.

When editing role names or descriptions, press the 'Enter' key to save changes. Clicking outside the text box cancels the edit without saving it.

Assigning Permissions to Roles

By clicking a role name, you can access more information about that role, change its name and description, add permissions to it, or assign this role to specific users.
Depending on the product with which the role is associated, these options may vary. For example, API roles cannot be removed and their permissions cannot be modified; however, you can add a description and add users to that role.

The tabs displayed under the Permissions tab also vary with the number of products you own in the Anypoint Platform. Usually there is one tab per product enabled in your organization.

By default, all Anypoint Platform accounts have API and Runtime Manager permissions.

To add permissions to a role, do the following:

  1. Make sure you’re in the right business group.

  2. Pick the Permissions tab.

  3. Choose the product whose permissions you want to assign (a full list of permissions can be found in our permissions section)

    1. If you want to assign API permissions:

      1. Start typing your API name in the Select the API resource by name field

      2. Select the version of the API. You can also choose all to grant privileges to all versions of the API you selected

      3. Select the API permission you wish to grant.
        (API Permissions share the same name as API Roles and they grant the same privileges)

    2. If you want to assign Product Permissions:

      1. Type in the name of one of the environments existing in your organization (if these environments belong to a business group, they are only available when creating a role in that same business group)

      2. Now you are able to select what permissions to grant within that environment. You can also pick Select All to assign all permissions related to that environment to that role.

  4. Click the + icon towards the right to add those permissions to the role

Note that product permissions are specific to a single environment, so if you have multiple environments and want to give a role the same permissions on all, you must add these permissions multiple times, one for each environment.
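
Because each grant is repeated per environment, a role can end up with different permissions in different environments without anyone intending it. The following is an added example, not part of the original documentation, that reports where a role's grants differ and which grants are still missing for a uniform role. The role names, environment names and the tuple layout are constructed assumptions, not an Anypoint Platform export format; a difference it reports may be deliberate and is meant for review.

```python
from collections import defaultdict

# Constructed sample: (role, environment, permission) grants as an
# administrator might transcribe them from the Permissions tab.
# "Deployers" and "On-call" are hypothetical custom roles.
GRANTS = [
    ("Deployers", "Development", "Create Applications"),
    ("Deployers", "Development", "Read Applications"),
    ("Deployers", "Development", "Manage Settings"),
    ("Deployers", "QA", "Create Applications"),
    ("Deployers", "QA", "Read Applications"),
    ("Deployers", "Production", "Read Applications"),
    ("On-call", "Production", "Read Applications"),
    ("On-call", "Production", "Manage Alerts"),
]


def environment_gaps(grants, role, environments):
    """Map each environment to permissions `role` holds elsewhere but not there."""
    per_env = defaultdict(set)
    for r, env, perm in grants:
        if r == role:
            per_env[env].add(perm)
    everything = set().union(*per_env.values())
    gaps = {}
    for env in environments:
        missing = everything - per_env.get(env, set())
        if missing:
            gaps[env] = sorted(missing)
    return gaps


def grants_to_add(grants, role, environments, wanted):
    """List (environment, permission) pairs still missing for a uniform role."""
    have = {(env, perm) for r, env, perm in grants if r == role}
    return sorted((env, perm) for env in environments for perm in wanted
                  if (env, perm) not in have)


if __name__ == "__main__":
    envs = ["Development", "QA", "Production"]
    print(environment_gaps(GRANTS, "Deployers", envs))
    print(grants_to_add(GRANTS, "On-call", envs,
                        ["Manage Alerts", "Read Applications"]))
```
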

For a better understanding of how permissions work within the Anypoint Platform, see our permissions section.

If the only permissions associated with your role are Portal Viewer and/or Exchange Viewer and/or Application Owner, then users belonging to this role won’t have access to the organization’s support portal.

Role Mapping

You can set up your Anypoint Platform organization so that when a SAML user belongs to certain groups, Anypoint Platform automatically grants certain equivalent roles in your Anypoint Platform organization.