Role-Based Access Control (RBAC) is used to protect access to the API Gateway management services. For example, management services are invoked when a user accesses the server using the Policy Studio or the API Gateway Manager tools (https://localhost:8090/).
For more information, see Configuring Role-Based Access Control (RBAC).
The RBAC filter is used in the Protect Management and Policy Director Interfaces policy to perform the following tasks:
- Read the user roles from the configured message attribute (for example, authentication.subject.role).
- Determine which management service URI is currently being invoked.
- Return true if one of the roles has access to the management service currently being invoked, as defined in the acl.json file.
- Otherwise, return false, and the Return HTTP Error 403: Access Denied (Forbidden) policy is called. The message content of this filter is shown when a valid user has logged into the browser, but their roles do not give them access to the URI they have invoked. For example, this occurs if a new user is created and they have not yet been assigned any roles.
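The decision logic described above, as an added example written for this page (not API Gateway code and not the real acl.json schema): a constructed role-to-URI-pattern table stands in for acl.json, the attribute name http.request.uri and the role-list shape are assumptions, and the function defaults to deny, so a user with no roles is refused with 403.

```python
import fnmatch
from typing import Dict, List, Tuple, Union

# Constructed sample ACL (assumed shape, NOT the real acl.json format):
# each role maps to the management URI patterns it may invoke.
SAMPLE_ACL: Dict[str, List[str]] = {
    "API Server Administrator": ["/api/*", "/configuration/*"],
    "API Server Operator": ["/api/monitoring/*", "/api/topology/*"],
}


def normalise_roles(value: Union[str, List[str], None]) -> List[str]:
    """The role attribute may hold one role or a list; treat missing as no roles."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def uri_allowed(roles: List[str], uri: str, acl: Dict[str, List[str]] = SAMPLE_ACL) -> bool:
    """True if at least one role grants access to the management URI being invoked."""
    path = uri.split("?", 1)[0]  # the query string never affects the decision
    for role in roles:
        for pattern in acl.get(role, []):
            if fnmatch.fnmatchcase(path, pattern):
                return True
    return False  # default deny, including the empty-role case for a new user


def rbac_filter(message: Dict[str, object],
                role_attr: str = "authentication.subject.role",
                uri_attr: str = "http.request.uri") -> Tuple[bool, int]:
    """Mimic the filter: read roles and URI from message attributes, return
    (filter result, HTTP status). False means the 403 policy would be called."""
    roles = normalise_roles(message.get(role_attr))  # type: ignore[arg-type]
    uri = str(message.get(uri_attr, ""))
    if uri_allowed(roles, uri):
        return True, 200
    return False, 403


if __name__ == "__main__":
    # Constructed messages: an operator viewing monitoring, and a new user with no roles.
    print(rbac_filter({"authentication.subject.role": "API Server Operator",
                       "http.request.uri": "/api/monitoring/metrics?range=1h"}))
    print(rbac_filter({"http.request.uri": "/api/monitoring/metrics"}))
```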