This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 59%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hello Team,
This question is regarding the visibility of APIs in APIM for an API developer from the Azure portal.
Once a developer is logged into the Azure portal, and has access to the APIM instance, there is visibility to access/edit all the APIs (even the ones not intended to).
Is there a recommendation from Microsoft on how this can be managed incase the APIM instance is used as a shared instance across departments & there is a need to group and restrict access to the APIs for API developers.
We understand that productization is possible for APIs that have to be exposed to Application developers via Developer Portal but we understand that this doesn't bring in isolation for the API developers.
In general wanted to know if we have any blueprint/architectural recommendations from Microsoft for Azure API Management as a shared deployment model.
Thank you in advance!
Azure API Management supports Azure RBAC (Role Based Access Control) to enable fine grained access. Refer
https://learn.microsoft.com/en-us/azure/api-management/api-management-role-based-access-control
It is possible to deine custom roles and define the permissions to suit your requirement. Refer
Hope this helps
Thank you. Is there any other way of grouping possible? provider organizations or spaces (ex: for specific departments)?
In general wanted to know if we have any blueprint/architectural recommendations from Microsoft for Azure API Management as a shared deployment model.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 87%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello @Devidasan Nirmala - Custom Roles should enable you to accomplish the end result that you're after. AFAIK, there isn't any specific guideline from the APIM side on this particular use case as it is mostly a general RBAC configuration.
@Devidasan Nirmala - By default API Management has 3 groups namely Administrators, Developers and Guests. Also you can create custom groups, For example, you could create one custom group for developers affiliated with a specific partner organization and allow them access to the APIs from a product containing relevant APIs only
Refer: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-create-groups
Hope this helps