11436 SSO

Apigee Edge Product Update: Custom Roles

Apigee Product Team
Jan 31, 2014

Our latest Apigee Edge update includes several new features and enhancements. We’d like to highlight the power and usefulness of one in particular. The new custom roles feature enables you to tailor roles and associated permissions to control access to various Edge features.

Apigee Edge has always had a strong set of features for role management and access control, built from the ground up. User roles form the basis of role-based access control (RBAC), meaning you can control which Edge features, capabilities, and entities a person can access by assigning them one of the following roles: business user, operations administrator, organization administrator, or user.

With the beta release of custom roles, you can now perform custom role management to set fine-grained, role-based access. This new functionality enables you to:

  • set up multiple custom roles

  • set up permissions for actions and entities

  • set up a lightweight workflow to support distributed API development


Predefined and custom role setup screen for role management


Separation-of-concerns via role-based access control

One of the key tenets of enabling "defense in depth" security practices within an enterprise is “separation of concerns”. RBAC is an important facet of separation-of-concerns, as it facilitates designing security into the architecture and enables strong security management within your API infrastructure.

Benefit from best practices

From our experience working with hundreds of customers on their API programs, we’ve learned that RBAC over all entities and actions is an effective strategy for managing the people-side complexity of an API program. Generally, the requirements start with what information should be displayed or hidden, based on the user role as well as which interfaces should be accessible. These requirements quickly expand, however, as multiple teams become involved and complexity grows.

API ecosystem

Today’s API ecosystem involves many teams and individuals. Community managers, API service teams, business owners, and of course operations are all engaged at various points in the software development lifecycle. How do you enable multiple teams to work concurrently without one editing or even viewing the other’s APIs? How do you restrict access to traffic reports or usage data to a particular team? How can you tightly control access to your partner APIs while providing a more collaborative environment for internal APIs? Separation of concerns and RBAC provide the key.

Securely accelerate digital transformation

With custom roles and fine-grained permissions on our entities and actions, we’re addressing the API ecosystem’s needs and incorporating best practices we’ve learned from working with hundreds of customers across a variety of industries. Now we’re making this capability available so all our customers can benefit and securely accelerate their digital transformations.


Custom role definition


Organization role capabilities to meet your unique needs

The Apigee API platform brings a fully functional solution for RBAC without compromising the cost benefits of our cloud-based, multi-tenant software stack. It enables:

  • a single organization with multiple environments that is now coupled with extended RBAC

  • the definition of custom roles for different members or teams

  • the definition of more granular access for entities and actions with custom roles to more closely match your team structure and ownership model

We continue to enhance our security capabilities to address your business cases so we’d love to hear what you think about this new feature. Keep the feedback coming!


Scaling Microservices