Contact Us 1-800-596-4880

User Roles, Permissions, and Profiles

This topic provides information about the user roles, permissions, and profiles used in API Experience Hub for Salesforce Experience Cloud and Anypoint Platform.

  • For Anypoint Platform, users with different access levels are managed using Anypoint Access Management. You can configure the permissions for administrators and Exchange viewers. For more information, see Managing Permissions in Access Management.

  • For Experience Cloud, the System Administrator profile or the AEH_Anypoint permission set is required for the user who performs the linking process.

Administrators

The Organization Administrator role has all of the permissions necessary to create, curate, manage, and customize a portal. This role can also grant another user in their organization the API Experience Hub Administrator permission. This permission enables a user to do all of the same tasks in the portal as the Organization Administrator.

An API Experience Hub Admin team and an API Experience Hub Portal Admin team is created in Access Management during the connecting and linking process. Once your Salesforce organization is successfully connected to your Anypoint organization, the AEH Admin team is created. Any user, who is assigned the AEH Admin, is automatically added to the AEH Admin team.

Once your styling changes for the portal are saved, the AEH Portal Admin team is created. Although the API Experience Hub Portal Administrator team is visible in Access Management, this permission isn’t supported in this release.

Administrators can only add APIs for which they have the Exchange Viewer permission. When APIs are added to the portal, all administrators are automatically assigned the Exchange Viewer permission.

API Experience Hub is integrated with Salesforce Experience Cloud. Administrators access the Salesforce Experience Builder with a shared user account. The identity of the administrator is shared therefore, API Experience Hub can’t determine the individual administrator’s action in the shared account.

The System Administrator profile has specific permissions to perform functions on the Salesforce Platform. The user with this profile performs the initial step of creating an API portal by connecting to the Salesforce Experience Cloud and linking the Salesforce organization to the Anypoint organization. This process can only be done by the user with the System Administrator profile. The AEH_Anypoint permission set can also be created to have only the minimal necessary permissions for the user who performs the linking process. For more information, see Assigning Permissions.

Role/Permission/Profile

Description

Actions

Salesforce System Administrator

This profile must be assigned to the user who performs the Salesforce linking process.

  • Perform the Salesforce linking process

Organization administrator in the main organization

API Experience Hub is business group agnostic which means that the portal belongs to the main organization only and the admin can create portals across business groups. The organization administrator inherits all API Experience Hub permissions, enabling them to perform any available operation within the platform.

  • Perform the Salesforce linking process

  • Create a portal

  • Add and remove APIs from the portal

  • Assign the visibility of an API instance

  • Manage users

  • Use Experience Builder to customize portal

API Experience Hub Administrator

The admin inherits all of the Organization Administrator permissions necessary to create your API Portal.

  • Perform the Salesforce linking process

  • Create a portal

  • Add and remove APIs from the portal

  • Assign the visibility of an API instance

  • Create a new connection to Salesforce and new portals

  • Manage users

  • Use Experience Builder to customize portal

API Experience Hub Portal Administrator

Currently, can manage only one API portal in the organization

  • Add and remove specific APIs from the portal

  • Assign the visibility of an API instance

Exchange Permissions

All administrators must have the Exchange Viewer permission to import APIs into the portal.

Permission

Description

Actions

Exchange Viewers

Assign this permission to the Organization Administrator or the API Experience Hub Administrator who performs the Salesforce linking process. Users with this permission can’t add new assets, edit asset portal content, or share an asset with another user.

  • View APIs in Exchange

  • Import APIs from Exchange to the portal

Granular Permissions and Permission Sets

Use the following permission or permission set to allow users to perform specific tasks only. For more information about configuring the permission and the permission set, see Assigning Permissions.

Permission/Permission Set

Description

Actions

API Experience Hub Users Approver

A granular permission that enables a user to perform specific tasks to manage users.

  • Approve or reject a user’s registration for the portal

  • Enable or disable a user’s access to the portal

AEH_Anypoint permission set

A permission set that contains the minimum permissions required for a Salesforce user to perform the linking process.

  • A user with this permission set can perform the Salesforce linking process

Consumer Users

API Experience Hub has the following consumer user profiles:

  • Guest

  • Member

These are groups of users with certain permissions that you can manage using the Teams feature in Access Management. Permissions for Guest and Member users are automatically determined by how they access an organization’s portal. A user who does not log in to the portal is an anonymous user that is assigned the guest user profile with the permissions assigned to this group. A guest user can become a member by completing the registration process for the portal. Once the user’s registration is approved, this user inherits the member user profile and its associated permissions. For more information about Teams in Access Management, see Manage User Access Using Teams.

User Profile

Description

Actions

Guest

This user’s profile is anonymous and isn’t logged in the API portal.

  • View public APIs that are shared with them

  • Can self-register to become a member

  • Can’t request access to APIs

Member

This is a registered user who can log in to a portal.

  • View public APIs and other APIs that are shared with them

  • Registered using self-registration to become a member

  • Request access to APIs