Shared Flow Permissions - Custom Role

anonymous · May 2, 2018, 8:19pm

Hi

Im trying to create permissions for a custom-role on shared flows and facing an issue when verifying those roles.

My end goal is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates. Is this possible ? I see this works as expected with proxies, but not with shared flows. And in this process I found an issue which the following describes.

Here are my steps

Created permissions using Management API – Here are the permissions related to shared flows on custom-role

	{
            "organization": "ORG_NAME",
            "path": "/sharedflows",
            "permissions": [
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*",
            "permissions": [
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*/revisions/*",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*/revisions/*/deploy",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/environments/*/sharedflows/*/revisions/*/deployments",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        }

User assigned to the newly created custom role
User logged in to Edge and created shared flow
Administrator made a management API call to see how the permissions look for newly created shared flow

        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/Shared-Flow-Created-by-CustomRole/undefined",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },

please note ‘undefined’ in the path. Not sure if this is a bug or if Im doing something incorrectly. Also Please let me know if my permissions are incorrect for managing shared flows. The objective is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates.

Thank you!

anonymous · May 17, 2018, 1:53am

¿Could you share the management API call that you’re using for step No. 4? Thanks.

anonymous · May 17, 2018, 2:33am

I would create a role per user and assign permissions that mix wildcards with ‘user ids’ (perhaps a prefix?) e.g.

{
  "path" : "/sharedflows/USER_ID*",
  "permissions" : ["put", "get"]
}

I would assume that only a role with POST permissions will create entities for the ‘Specific User Role’. Once these entities are created the ‘Specific User’ will be able to edit these entities.

Also, the ’

/sharedflows//revisions//deploy’ path doesn’t exist in the sharedflows doc.

anonymous · May 21, 2018, 4:03pm

{{MGMTSVR}}/v1/organizations{{ORG}}/userroles/{{ROLENAME}}/permissions

anonymous · May 21, 2018, 4:04pm

Im testing this and possibly use a shell script to automate this. Will update soon. Thanks Ruben!

Topic		Replies	Views
Is there a way to control access to shared flows in Apigee Edge via the RBAC configs? Apigee api-runtime	3	8	August 22, 2019
wildcards to set custom role’s permissions on shared flows Apigee api-runtime	0	3	April 16, 2018
custome role for sharedflow Apigee apigee-general	1	6	March 16, 2023

Shared Flow Permissions - Custom Role

AI Suggested topics