User Roles, Permissions, and Profiles
This topic provides information about the user roles, permissions, and profiles used in API Experience Hub for Salesforce Experience Cloud and Anypoint Platform.
-
For Anypoint Platform, users with different access levels are managed using Anypoint Access Management. You can configure the permissions for administrators and Exchange viewers. For more information, see Managing Permissions in Access Management.
-
For Experience Cloud, the System Administrator profile or the AEH_Anypoint permission set is required for the user who performs the linking process.
Administrators
The Organization Administrator role has all of the permissions necessary to create, curate, manage, and customize a portal. This role can also grant another user in their organization the API Experience Hub Administrator permission. This permission enables a user to do all of the same tasks in the portal as the Organization Administrator.
An API Experience Hub Admin team and an API Experience Hub Portal Admin team is created in Access Management during the connecting and linking process. Once your Salesforce organization is successfully connected to your Anypoint organization, the AEH Admin team is created. Any user, who is assigned the AEH Admin, is automatically added to the AEH Admin team.
Once your styling changes for the portal are saved, the AEH Portal Admin team is created. Although the API Experience Hub Portal Administrator team is visible in Access Management, this permission isn’t supported in this release.
Administrators can only add APIs for which they have the Exchange Viewer permission. When APIs are added to the portal, all administrators are automatically assigned the Exchange Viewer permission.
API Experience Hub is integrated with Salesforce Experience Cloud. Administrators access the Salesforce Experience Builder with a shared user account. The identity of the administrator is shared therefore, API Experience Hub can’t determine the individual administrator’s action in the shared account.
The System Administrator profile has specific permissions to perform functions on the Salesforce Platform. The user with this profile performs the initial step of creating an API portal by connecting to the Salesforce Experience Cloud and linking the Salesforce organization to the Anypoint organization. This process can only be done by the user with the System Administrator profile. The AEH_Anypoint permission set can also be created to have only the minimal necessary permissions for the user who performs the linking process. For more information, see Assigning Permissions.
Role/Permission/Profile |
Description |
Actions |
Salesforce System Administrator |
This profile must be assigned to the user who performs the Salesforce linking process. |
|
Organization administrator in the main organization |
API Experience Hub is business group agnostic which means that the portal belongs to the main organization only and the admin can create portals across business groups. The organization administrator inherits all API Experience Hub permissions, enabling them to perform any available operation within the platform. |
|
API Experience Hub Administrator |
The admin inherits all of the Organization Administrator permissions necessary to create your API Portal. |
|
API Experience Hub Portal Administrator |
Currently, can manage only one API portal in the organization |
|
Exchange Permissions
All administrators must have the Exchange Viewer permission to import APIs into the portal.
Permission |
Description |
Actions |
Exchange Viewers |
Assign this permission to the Organization Administrator or the API Experience Hub Administrator who performs the Salesforce linking process. Users with this permission can’t add new assets, edit asset portal content, or share an asset with another user. |
|
Granular Permissions and Permission Sets
Use the following permission or permission set to allow users to perform specific tasks only. For more information about configuring the permission and the permission set, see Assigning Permissions.
Permission/Permission Set |
Description |
Actions |
API Experience Hub Users Approver |
A granular permission that enables a user to perform specific tasks to manage users. |
|
AEH_Anypoint permission set |
A permission set that contains the minimum permissions required for a Salesforce user to perform the linking process. |
|
Consumer Users
API Experience Hub has the following consumer user profiles:
-
Guest
-
Member
These are groups of users with certain permissions that you can manage using the Teams feature in Access Management. Permissions for Guest and Member users are automatically determined by how they access an organization’s portal. A user who does not log in to the portal is an anonymous user that is assigned the guest user profile with the permissions assigned to this group. A guest user can become a member by completing the registration process for the portal. Once the user’s registration is approved, this user inherits the member user profile and its associated permissions. For more information about Teams in Access Management, see Manage User Access Using Teams.
User Profile |
Description |
Actions |
Guest |
This user’s profile is anonymous and isn’t logged in the API portal. |
|
Member |
This is a registered user who can log in to a portal. |
|