Management Services RBAC filter

Overview

Role-Based Access Control (RBAC) is used to protect access to the API Gateway management services. For example, management services are invoked when a user accesses the server using the Policy Studio or the API Gateway Manager tools (https://localhost:8090/). For more information on RBAC, see the API Gateway Administrator Guide.

The Management Services RBAC filter is used in the Protect Management and Policy Director Interfaces policy to perform the following tasks:

  • Read the user roles from the configured message attribute (for example, authentication.subject.role).

  • Determine which management service URI is currently being invoked.

  • Return true if one of the roles has access to the management service currently being invoked, as defined in the acl.json file.

  • Otherwise, return false, and the Return HTTP Error 403: Access Denied (Forbidden) policy is called. The message content of that filter is displayed when a valid user has logged in through the browser but their roles do not grant access to the URI they invoked. For example, this occurs when a new user has been created and has not yet been assigned any roles.
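A model of the four steps above, added here as an illustration and not code from the product. The acl.json layout it uses (roles mapping to named permissions, permissions mapping to URI patterns), the role names and the URIs are all constructed assumptions, since this page does not describe the file's schema.

```python
import fnmatch
import json

# Constructed sample in the spirit of acl.json. The real file's schema is
# not given on this page, so this role -> permission -> URI-pattern layout,
# and every name in it, is assumed for the illustration only.
ACL_JSON = """{
  "permissions": {
    "mgmt":       ["/api/management/*", "/api/configuration/*"],
    "monitoring": ["/api/monitoring/*"]
  },
  "roles": {
    "API Server Administrator": ["mgmt", "monitoring"],
    "API Server Operator":      ["monitoring"]
  }
}"""


def load_acl(text=ACL_JSON):
    """Parse the ACL document into a dict."""
    return json.loads(text)


def read_roles(message, attribute="authentication.subject.role"):
    """Step 1: read the roles from the configured message attribute.
    Accepts a single string or a list; a missing attribute (e.g. a newly
    created user with no roles yet) yields an empty role list."""
    value = message.get(attribute)
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_authorized(acl, roles, uri):
    """Steps 2-3: True if any role grants a permission whose URI pattern
    matches the management service URI being invoked."""
    for role in roles:
        for perm in acl["roles"].get(role, []):
            for pattern in acl["permissions"].get(perm, []):
                if fnmatch.fnmatchcase(uri, pattern):
                    return True
    return False  # step 4: the policy then falls through to the 403 path


def rbac_filter(message, uri, acl=None, attribute="authentication.subject.role"):
    """Model of the filter outcome: (filter result, HTTP status the policy returns)."""
    acl = acl or load_acl()
    allowed = is_authorized(acl, read_roles(message, attribute), uri)
    return allowed, (200 if allowed else 403)
```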

Configuration

Configure the following settings:

Name:

Enter an appropriate name for this filter.

Role Attribute:

Select or enter the message attribute that contains the user roles. Defaults to authentication.subject.role.