Manage Admin users


When logging into the Policy Studio or API Gateway Manager, you must enter the user credentials stored in the local Admin user store to connect to the API Gateway server instance. Admin users are responsible for managing API Gateway instances using the API Gateway management APIs. To manage Admin users, click the Settings > Admin Users tab in the API Gateway Manager.

[Note] Note

Admin users provide access to the API Gateway configuration management features available in the Policy Studio and API Gateway Manager. However, API Gateway users provide access to the messages and services protected by the API Gateway. For more details, see Manage API Gateway users.

Admin user privileges

After installation, a single Admin user is defined in the API Gateway Manager with a user name of admin. Admin user rights in the system include the following:

  • Add another Admin user.

  • Delete another Admin user.

  • Update an Admin user.

  • Reset Admin user passwords.

[Important] Important

An Admin user cannot delete itself.

Remove the default Admin user

To remove the default Admin user, perform the following steps:

  1. Add another Admin user.

  2. Log in as the new Admin user.

  3. Delete the default Admin user.

The Admin Users tab displays all existing Admin users. You can use this tab to add, update, and delete Admin users. These tasks are explained in the sections that follow.

Admin user roles

The API Gateway uses Role-Based Access Control (RBAC) to restrict access to authorized users based on their assigned roles in a domain. Using this model, permissions to perform specific system operations are assigned to specific roles only. This simplifies system administration because users do not need to be assigned permissions directly, but instead acquire them through their assigned roles.

For example, the default Admin user (admin) has the following user roles:

  • Policy Developer

  • API Server Administrator

  • KPS Administrator

User roles and privileges

User roles have specific tools and privileges assigned to them. These define who can use which tools to perform what tasks. The user roles provided with the API Gateway assign the following privileges to Admin users with these roles:

Role Tool Privileges
API Server Administrator API Gateway Manager Read/write access to API Gateway Manager.
API Server Operator API Gateway Manager Read-only access to API Gateway Manager.
Deployer Deployment scripts Deploy a new configuration.
KPS Administrator KPS Web UI Perform create, read, update, delete (CRUD) operations on data in a Key Property Store (KPS).
Policy Developer Policy Studio Download, edit, deploy, version, and tag a configuration.

[Note] Note

A single Admin user typically has multiple roles. For example, in a development environment, a policy developer Admin user would typically have the following roles:

  • Policy Developer

  • API Server Administrator

Add a new Admin user

Complete the following steps to add a new Admin user to the system:

  1. Click the Settings > Admin Users tab in the API Gateway Manager.

  2. Click the Create button.

  3. In the Create New Admin User dialog, enter a name for the user in the Username field.

  4. Enter a user password in the Password field.

  5. Re-enter the user password in the Confirm Password field.

  6. Select roles for the user from the list of available roles (for example, Policy Developer and/or API Server Administrator).

  7. Click Create.

Remove an Admin user

To remove an Admin user, select it in the Username list, and click the Delete button. The Admin user is removed from the list and from the local Admin user store.

Reset an Admin user password

You can reset an Admin user password as follows:

  1. Select the Admin user in the Username list.

  2. Click the Edit button.

  3. Enter and confirm the new password in the Password and Confirm Password fields.

  4. Click OK.

Manage Admin user roles

You can manage the roles that are assigned to specific Admin users as follows:

  1. Select the Admin user in the Username list.

  2. Click the Edit button.

  3. Select the user roles to enable for this Admin user in the dialog (for example, Policy Developer and/or API Server Administrator).

  4. Click OK.

Edit roles

To add or delete specific roles, you must edit the available roles in the adminUsers.json and acl.json files in the conf directory of your API Gateway installation.

For more details on role-based access, see the API Gateway Administrator Guide.