Grant API management permission by group

Amy Z 291 Reputation points
2020-12-24T06:25:01.707+00:00

Hi, we'd like to know if it's possible to grant API management permissions by group.
Here's our scenario.

Team A ~ Team N have their own APIs and can access the developer portal as well. We (APIM admin) hope each team can publish their own APIs via APIM by themselves. Since each team has their own sensitive settings (e.g. backend endpoint or specific policy), they should ONLY have permission to manage their own APIs/Products (create/update/delete) without touching other teams' settings. And it'd be better for each team to check their own API/Product's metrics. Just like a general marketplace, each store owner can publish their own product and manage inventory and orders.

Not sure if this is possible under current APIM functions.
We can see the following built-in roles in IAM, but it seems there's no way to grant in more detail, like to a certain API product or so.
50996-image.png

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

Accepted answer
  1. Pramod Valavala 20,591 Reputation points Microsoft Employee
    2020-12-24T13:15:46.683+00:00

    While the built-in roles have permissions scoped for all APIs, you could create Custom Roles with permissions scoped to a sub-resource, for example Microsoft.ApiManagement/service/apis/<api-id>/write and then assign this custom role to an Azure AD Group.

    You could even use the same Azure AD Group as APIM Groups as well if you leverage Azure AD for developer accounts too, but note that this requires the standard or premium tier.

    1 person found this answer helpful.
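
One way to script the approach in the accepted answer with the Azure CLI, as an added example that is not part of the original answer: a single custom role holds the API-level actions, and each team's Azure AD group is assigned that role at the scope of its own API. The subscription ID, resource group, service name, role name, API ids and group object IDs are placeholders, and confining access through the assignment scope (rather than one role per API) is this example's choice.

```shell
#!/usr/bin/env bash
# Added example. All values below are placeholders, not taken from the thread.
SUB="00000000-0000-0000-0000-000000000000"   # subscription ID (placeholder)
RG="rg-apim"                                  # resource group (placeholder)
SVC="contoso-apim"                            # APIM service name (placeholder)
ROLE="APIM Single API Contributor"            # custom role name (hypothetical)

# ARM resource ID of one API. Assigning the role at this scope is what
# confines a team to its own API.
api_scope() {  # $1 = API id
  case "$1" in
    ''|*[!A-Za-z0-9-]*)   # reject empty ids and anything that could alter the path
      echo "invalid API id: '$1'" >&2; return 1 ;;
  esac
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ApiManagement/service/%s/apis/%s\n' \
    "$SUB" "$RG" "$SVC" "$1"
}

# One role definition shared by all teams; it grants nothing until assigned.
role_definition() {
  cat <<EOF
{
  "Name": "$ROLE",
  "IsCustom": true,
  "Description": "Manage a single API in API Management.",
  "Actions": [
    "Microsoft.ApiManagement/service/apis/read",
    "Microsoft.ApiManagement/service/apis/write",
    "Microsoft.ApiManagement/service/apis/delete",
    "Microsoft.ApiManagement/service/apis/*/read",
    "Microsoft.ApiManagement/service/apis/*/write",
    "Microsoft.ApiManagement/service/apis/*/delete"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/$SUB/resourceGroups/$RG"]
}
EOF
}

# Run once by the APIM admin (needs `az login` and rights to create roles).
create_role() { az role definition create --role-definition "$(role_definition)"; }

# Run once per team: $1 = API id, $2 = object ID of the team's Azure AD group.
grant_team() {
  scope="$(api_scope "$1")" || return 1
  az role assignment create --role "$ROLE" --scope "$scope" \
    --assignee-object-id "$2" --assignee-principal-type Group
}
```

After `create_role`, calling `grant_team` once per team with that team's API id and group object ID gives each group write access to its own API only; `az role assignment list --scope "$(api_scope <api-id>)"` shows who holds access to a given API.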
