Managing Admin Users

Overview

When logging into the Policy Studio or API Gateway Manager, you must enter the user credentials stored in the local Admin User store to connect to the API Gateway server instance. Admin Users are responsible for managing API Gateway instances using the API Gateway management APIs. You can manage Admin Users by clicking the Settings -> Admin Users tab in the API Gateway Manager.

Note

Admin Users provide access to the API Gateway configuration management features available in the Policy Studio and API Gateway Manager, whereas API Gateway Users provide access to the messages and services protected by the API Gateway. For more details, see the API Gateway Users topic.

Admin User Privileges

After installation, a single Admin User is defined in the API Gateway Manager with a username of admin. Admin User rights in the system include the following:

  • Add another Admin User.

  • Delete another Admin User.

  • Update an Admin User.

  • Reset Admin User passwords.

Important

An Admin User cannot delete itself.

Removing the Default Admin User

If you wish to remove the default Admin User, perform the following steps:

  1. Add another Admin User.

  2. Log in as the new Admin User.

  3. Delete the default Admin User.

The Admin Users tab displays all existing Admin Users. You can use this tab to add, update, and delete Admin Users. These tasks are explained in the sections that follow.

Admin User Roles

The API Gateway uses Role-Based Access Control (RBAC) to restrict access to authorized users based on their assigned roles in a domain. Using this model, permissions to perform specific system operations are assigned to specific roles only. This simplifies system administration because users do not need to be assigned permissions directly, but instead acquire them through their assigned roles.

For example, the default Admin User (admin) has the following user roles:

  • Policy Developer

  • API Server Administrator

  • API Service Developer

  • KPS Administrator

User Roles and Privileges

User roles have specific tools and privileges assigned to them. These define who can use which tools to perform what tasks. The user roles provided with the API Gateway assign the following privileges to Admin Users with these roles:

| Role | Tool | Privileges |
|---|---|---|
| Policy Developer | Policy Studio | Download, edit, deploy, version, and tag a configuration. |
| API Service Developer | API Service Manager | Perform create, read, update, delete (CRUD) operations, and deploy API services. No access to other API Gateway Manager tabs. |
| API Service Administrator | API Service Manager | Read-only list of API services. No access to other API Gateway Manager tabs. |
| API Server Administrator | API Gateway Manager | Read/write access to API Gateway Manager. No access to API Service Manager tab. |
| API Server Operator | API Gateway Manager | Read-only access to API Gateway Manager. No access to API Service Manager tab. |
| Deployer | Deployment scripts | Deploy a new configuration. |
| KPS Administrator | KPS Web UI | Perform CRUD operations on data in a Key Property Store (KPS). |


Note

A single Admin User typically has multiple roles. For example, in a development environment, a policy developer Admin User would typically have the following roles:

  • Policy Developer

  • API Service Developer

  • API Server Administrator
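
Because roles combine, the access an Admin User actually holds is the union of all assigned roles. The following sketch is an added example, not part of the product or its documentation: it computes effective access per tool from the role table above and lists assignments worth reviewing. The `{username: [roles]}` input, the sample users, and the read/write classification are assumptions made for illustration; the input is not the adminUsers.json format.

```python
# Role table transcribed from this page; "read"/"write" is a simplification
# of the Privileges column made for this example.
ROLE_ACCESS = {
    "Policy Developer": ("Policy Studio", "write"),
    "API Service Developer": ("API Service Manager", "write"),
    "API Service Administrator": ("API Service Manager", "read"),
    "API Server Administrator": ("API Gateway Manager", "write"),
    "API Server Operator": ("API Gateway Manager", "read"),
    "Deployer": ("Deployment scripts", "write"),
    "KPS Administrator": ("KPS Web UI", "write"),
}
RANK = {"read": 1, "write": 2}

# Constructed sample data; this is not the adminUsers.json schema.
SAMPLE_USERS = {
    "admin": ["Policy Developer", "API Server Administrator",
              "API Service Developer", "KPS Administrator"],
    "ops1": ["API Server Operator", "API Server Administrator"],
    "dev1": ["Policy Developer", "API Service Developer", "API Server Administrator"],
    "ci": ["Deployer", "Release Manager"],  # second role is not in the table
}

def effective_access(roles):
    """Return {tool: highest access level} for the union of the given roles."""
    access = {}
    for role in roles:
        tool, level = ROLE_ACCESS[role]
        if RANK[level] > RANK.get(access.get(tool), 0):
            access[tool] = level
    return access

def audit(users):
    """Return sorted (username, finding) review items."""
    findings = []
    for name, roles in users.items():
        known = [r for r in roles if r in ROLE_ACCESS]
        for role in sorted(set(roles) - set(known)):
            findings.append((name, f"unknown role: {role}"))
        if name == "admin":
            findings.append((name, "default Admin User still present"))
        access = effective_access(known)
        for role in known:
            tool, level = ROLE_ACCESS[role]
            if level == "read" and access[tool] == "write":
                findings.append((name, f"{role} is read-only, but another role grants write on {tool}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_USERS):
        print(f"{name}: {finding}")
```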

Adding a New Admin User

Complete the following steps to add a new Admin User to the system:

  1. Click the Settings -> Admin Users tab in the API Gateway Manager.

  2. Click the Create button.

  3. In the Create New Admin User dialog, enter a name for the User in the Username field.

  4. Enter a user password in the Password field.

  5. Re-enter the user password in the Confirm Password field.

  6. Select roles for the user from the list of available roles (for example, Policy Developer and/or API Server Administrator).

  7. Click Create.

Removing an Admin User

To remove an Admin User, select it in the Username list and click the Delete button. The Admin User is removed from the list and from the local Admin User store.

Resetting an Admin User Password

You can reset an Admin User password as follows:

  1. Select the Admin User in the Username list.

  2. Click the Edit button.

  3. Enter and confirm the new password in the Password and Confirm Password fields.

  4. Click OK.

Managing Admin User Roles

You can manage the roles that are assigned to specific Admin Users as follows:

  1. Select the Admin User in the Username list.

  2. Click the Edit button.

  3. Select the user roles that you wish to enable for this Admin User in the dialog (for example, Policy Developer and/or API Server Administrator).

  4. Click OK.

Editing Roles

To add or delete specific roles, you must edit the available roles in the adminUsers.json and acl.json files in the conf directory of your API Gateway installation. For full details on managing roles, see the topic on Configuring Role-Based Access Control (RBAC).