This chapter describes managing users in Oracle API Manager.
The following topics are covered:
API Manager users are managed using Fusion Middleware Control. An administrative user creates groups in Fusion Middleware Control, maps application roles to these groups, creates users, and then assigns users to groups.
Use this URL to log onto Fusion Middleware Control:
http://administration_server_host:administration_server_port/em
The Administration Server host and port number were in the URL on the Configuration Success screen (Writing Down Your Domain Home and Administration Server URL). The default Administration Server port number is 7001
.
Note:
The tasks in this section describe creating users and assigning roles using Fusion Middleware Control. You can also use an LDAP Authentication provider to manage users. See "Configuring LDAP Authentication Providers" in Administering Security for Oracle WebLogic Server for more information.
Use Fusion Middleware Control to create groups that map to the API Manager roles.
See Understanding User Roles in Oracle API Manager for additional information about the API Manager user roles.
You must complete this task multiple times to create the following groups:
API Admin
API Consumer
API Curator
Developer
You do not need to create groups for the following Service Bus groups, which are available OOTB:
Administrators
Deployers
Monitors
To create a group:
When finished, complete the task described in Assign Application Roles to Groups Using Fusion Middleware Control.
After you have created groups that correspond with the roles in API Manager, you must assign application roles to these groups. After completing this task, any users assigned to the specified groups will be granted the applicable application role.
You do not need to assign application roles to the Administrator Service Bus group. This is done OOTB.
When finished, complete the task described in Creating API Manager Users.
You create API Manager users with Fusion Middleware Control.
API Admin
API Consumer
API Curator
API Developer
Deployers
Monitors
Caution:
Do not use any of the following characters in user names: ; , + = \ (double back-slashes can be used; for example smith\\
). Do not begin a user name with a pound sign (#) or double quotes ("). Creating a user with any of the preceding invalid characters can corrupt the WebLogic domain.
To create API Manager users:
The user name appears in the User table
When finished, complete the task described in Assigning Users to Groups.
All users accessing the Service Bus console must be a member of the Monitors group. The easiest way to assign these users to the Monitors group is to add their parent groups to the Monitors group.
You must add these groups to the Monitors group:
API Curator
API Developer
Deployers
Note:
All users accessing the Service Bus Console must be added to the Monitors parent group or to a group that is a member of the Monitors parent group. Ensure that you have completed this task if you hare having trouble accessing the Service Bus Console with an appropriate user.
You add users to the appropriate groups to grant role permissions associated with that group. For example, assign a user to the API Curator group to grant that user permissions associated with the API Curator role.
You should create at least one user for each role, and then add users to the groups that correspond with their intended roles:
API Admin
API Consumer
API Curator
API Developer
Deployers
Monitors
To add API Manager users to groups:
The next steps include curating APIs using Oracle Service Bus, discovering and using APIs from the API Manager Portal, and administering API Manager.
See Using Oracle API Manager for more information.