Contents
Role-Based Access Control (RBAC) is used to protect access to the API Gateway management
services. For example, management services are invoked when a user accesses the server
using Policy Studio or API Gateway Manager (https://localhost:8090/
).
For more information on RBAC, see the API Gateway Administrator Guide.
The Management Services RBAC filter can be used to perform the following tasks:
-
Read the user roles from the configured message attribute (for example,
authentication.subject.role
). -
Determine which management service URI is currently being invoked.
-
Return true if one of the roles has access to the management service currently being invoked, as defined in the
acl.json
file. -
Otherwise, return false.