Custom Role for enviroment

Hi ,

For SaaS instance of apigee , is there a way , I can edit /environments resource permission on Apigee while creating custom role through management API.

Issue : I want to create role which are specific to environment , in my org if I have 4 environment , I want some users can only access one environment and not other 3.

When I try to create custom role on APIGEE SaaS , through Management UI , I see /environment resouce permissons added when i allow trace access to all environments to a user , If i just select one environment , then when user logs in he/she cannot check environment configurations for that environment as drop down list of environment come empty.

Once I have created custom role for specific one environment , I cannot go ahead and change it by adding /environment/* resouce path as this give 403 forbidden (I know on SAAS it is not allowed to chnage environment via management API) , but is there a work around this issue.

Also , just wanted to know /environment resouce path is added when user are created from management UI , as there also we give organization admin credentials.

I have a problem ticket open with Apigee about this exact same issue.

What I did as a workaround is create the custom role with access to the environment resources that you want via the UI. In my case I then added additional resources to the role thru the APIs after I created the role via the UI.

@Mitchell Arends, do you have something to share with us post the resolution of the support ticket?

My support ticket resulted in a bug ticket being entered. I do not know if it has been resolved though.

In the mean time I did find a workaround to this issue thanks to another community forum post. Add a trailing ‘/’ to the end of the following resource paths:

{
    "path": "/environments/",
    "permissions": [
        "get"
    ]
},
{
    "path": "/environments/*/",
    "permissions": [
        "get"
    ]
}