3.1 Understanding the Secure API Manager Roles

Secure API Manager uses roles to manage access to the management console, the administration console, the Publisher, and the Store. The roles define what users are allowed to do in those consoles. You use the roles to grant permissions to the users.

Secure API Manager provides a set of default roles that provide the functionality required to perform the administrative tasks and to create and manage the APIs. Secure API Manager automatically imports the appropriate roles from Access Manager into the management console.

The management console allows you to view the roles and assign the roles when you create user accounts. The management console does not allow you to create new roles or delete any existing roles.

Here is a list of the roles and what each role allows a user to do:

  • admin: The admin role contains the permissions that allow members of this role to create users, assign roles, manage the Database Service component, and manage security, among other tasks. Secure API Manager provides a default administrator user of admin that is a member of the admin role. Users with the admin role can log in and access the management console (/carbon) and the administration console (/admin).

  • creator: The Internal/creator role allows users to create APIs, but they cannot manage the lifecycle of the APIs. If you add the Governance permission to this role, the role has the same rights as the publisher role.

  • publisher: The Internal/publisher role allows users to publish and manage the APIs. It also allows users to add and monitor throttling policies. The publisher role does not allow you to create APIs. You must have the Internal/creator role and the Internal/publisher role to create and publish APIs.

  • subscriber: The Internal/subscriber role allows users to access and use the Store. Users with this role can search the available APIs, subscribe to APIs, invoke APIs, and read the available documentation for APIs.

  • NAM_OAUTH2_DEVELOPER: You create this role when you integrate Access Manager with Secure API Manager. This role allows Access Manager to send the OAuth tokens to the APIs. For more information, see Integrating Secure API Manager with Access Manager in the NetIQ Secure API Manager 1.0 Installation Guide.

  • NAM_OAUTH2_: You create this role when you integrate Access Manager with Secure API Manager. This role allows Access Manager to send the OAuth tokens to the APIs. For more information, see Integrating Secure API Manager with Access Manager in the NetIQ Secure API Manager 1.0 Installation Guide.