From 0843de4d77815727fe154e30994e9c27fc464e44 Mon Sep 17 00:00:00 2001 From: Diane Hirsch Date: Fri, 28 Jul 2023 16:40:05 -0400 Subject: [PATCH 1/2] Prototype of Permissions --- .vscode/settings.json | 3 + .../ROOT/pages/permissions-by-product.adoc | 191 +++++------------- 2 files changed, 59 insertions(+), 135 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 00000000..54db2c4f --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "asciidoc.antora.enableAntoraSupport": false +} \ No newline at end of file diff --git a/modules/ROOT/pages/permissions-by-product.adoc b/modules/ROOT/pages/permissions-by-product.adoc index ee909957..3f4720a5 100644 --- a/modules/ROOT/pages/permissions-by-product.adoc +++ b/modules/ROOT/pages/permissions-by-product.adoc 
@@ -7,138 +7,59 @@ The following permissions can be assigned to xref:teams.adoc[teams], granted to == Access Management -Organization Administrator:: At the root organization level, grants a user most permissions available in Anypoint Platform, including but not limited to secrets management, network administration, and other view, modify, execute, and delete permissions. The Organization Administrator permission also grants access to the Organization Administration page, where the user can add and manage users and permissions, view and edit organization details, access API Manager > Client Applications, access the client ID and client secret for the organization, and customize the theme of the Developer Portal. This permission enables a user to edit all versions of all APIs, all registered applications, and all API Portals in Anypoint Platform. + -For security reasons, MuleSoft recommends distributing this permission to as few users as possible. - -Audit Log Config Manager:: Enables a user to configure the retention period for audit logs over their organization. You must apply this permission at the root organization level. This permission appears only if you have *Try new features* or the Teams feature enabled in Access Management. - -Audit Log Viewer:: Enables a user to view audit logs in Access Management. - -Usage Viewer:: Enables a user to view usage reports. - -== API Catalog - -* API Catalog Contributor - -== API Governance - -* Governance Administrator - -== API Manager - -Depending on your organization, you might see one of the following sets of permissions available for API Manager. 
- -include::partial$include-permissions-api-manager-post-crowd.adoc[] - -Or: - -include::partial$include-permissions-api-manager-pre-crowd.adoc[] - -== Anypoint Data Gateway - -* Data Gateway Administrator -* Data Gateway Viewer - -== Anypoint DataGraph - -* Contribute -* Consume -* Operate -* DataGraph Admin - -== Design Center - -Organization level permissions: - -* Design Center Developer -* Design Center Creator -* Design Center Viewer - -Project level permissions: - -* Project Administrator -* Project Editor -* Project Viewer - -== Exchange - -Organization level permissions: - -* Exchange Administrator -* Exchange Contributor -* Exchange Viewer - -Asset level permissions: - -* Asset Administrator -* Asset Contributor -* Asset Viewer - -== Anypoint Monitoring - -* Anypoint Monitoring User - -== Anypoint MQ - -* Clear destinations -* Manage clients -* Manage destinations -* View clients -* View destinations - -== Anypoint Partner Manager - -Depending on your organization, you might see one of the following sets of permissions available for Anypoint Partner Manager. 
- -* Partner Manager Administrator -* View Host, Partners and Message Flows -* Manage Partners and Message Flows -* Manage Activity -* Manage Host -* View Activity - -Or: - -* Manage Partners -* Manage Transactions -* Partners Administrator -* View Partners -* View Transactions - -== Runtime Manager - -* Cloudhub Network Administrator -* Cloudhub Network Viewer -* Delete Applications -* Download Applications -* Manage Alerts -* Manage Application Data -* Manage Queues -* Manage Runtime Fabrics -* Manage Runtime Fabric -* Manage Schedules -* Manage Settings -* Manage Tenants -* Read Alerts -* Read Applications -* Read Runtime Fabric -* Manage Servers -* Read Servers -* Manage Application Flows -* Create Applications - -== Secrets Manager - -* Grant access to secrets -* Manage secret groups -* Read secrets metadata -* Write secrets - -== Tokenization - -* Manage Tokenization Services -* Manage Tokenization Formats - -== Anypoint Visualizer - -* Visualizer Editor +[%header%autowidth.spread] +|=== +| Permission | Description +| Organization Administrator +a| +* At the root organization level, grants a user most permissions available in Anypoint Platform, including but not limited to secrets management, network administration, and other view, modify, execute, and delete permission. + +* On the Organization Administration page, enables a user to: + +** Add and manage users and permissions. +** View and edit organization details. +** Access API Manager client applications. +** Access the client ID and client secret for the organization. +** Customize the theme of the developer portal. +* Edit all versions of all APIS, registered applications, and API portals in Anypoint Platform. + +For security reasons, distribute this permission to as few users as possible. + +| Audit Log Config Manager +a| +Enables a user to configure the retention period for audit logs over their organization. + +This permission must be applied at the root organization level. 
It appears only if the organization has the modern UI enabled in Access Management. +| Audit Log Viewer +a| Enables a user to view audit logs in Access Management. +|=== + +== DataGraph + +[%header%autowidth.spread] +|=== +| Permission | Descrption +| Contribute +a| +Enables a user to: + +* Add source APIs to the unified schema. +* Edit any source API schema added to the unified schema. +* Request access to run queries. +* Promote API schemas to an environment. +* View query traces in real time while running queries from the UI. +* Download a copy of the unified schema from the query editor. +| Consume +a| +Enables a user to: + +* View and explore the unified schema. +* Request access to run queries and make data requests from the UI. +* Download a copy of the unified schema from the query editor. +| Operate +a| +Enables a user to: + +* View customer-facing logs. +* Set a dedicated load balancer URL for Anypoint Datagraph. +|=== \ No newline at end of file From 53672d0635f422a26096bb7d1e30cfcf3d36868d Mon Sep 17 00:00:00 2001 From: Diane E Hirsch Date: Fri, 28 Jul 2023 17:03:28 -0400 Subject: [PATCH 2/2] Update permissions-by-product.adoc --- modules/ROOT/pages/permissions-by-product.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/permissions-by-product.adoc b/modules/ROOT/pages/permissions-by-product.adoc index 3f4720a5..30e92266 100644 --- a/modules/ROOT/pages/permissions-by-product.adoc +++ b/modules/ROOT/pages/permissions-by-product.adoc @@ -21,7 +21,7 @@ a| ** Access API Manager client applications. ** Access the client ID and client secret for the organization. ** Customize the theme of the developer portal. -* Edit all versions of all APIS, registered applications, and API portals in Anypoint Platform. +* Enables a user to edit all versions of all APIS, registered applications, and API portals in Anypoint Platform. For security reasons, distribute this permission to as few users as possible. 
@@ -62,4 +62,4 @@ Enables a user to: * View customer-facing logs. * Set a dedicated load balancer URL for Anypoint Datagraph. -|=== \ No newline at end of file +|===
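Review bot: .vscode/settings.json in PATCH 1/2 is a personal editor setting and does not belong in a commit titled "Prototype of Permissions". The added `"asciidoc.antora.enableAntoraSupport": false` turns off Antora support in the editor for anyone who opens this workspace in VS Code, while the page being edited relies on Antora constructs (`xref:teams.adoc[teams]`, `include::partial$...`). Please drop the file from this patch and ignore `.vscode/` instead. If it stays, note that it ends without a trailing newline.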
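Review bot: In PATCH 1/2, the `@@ -7,138 +7,59 @@` hunk of permissions-by-product.adoc deletes every section from `== API Catalog` through `== Anypoint Visualizer` and converts only Access Management and DataGraph to tables, so the page no longer lists the Runtime Manager, Secrets Manager, Tokenization, Exchange, or other product permissions at all. Readers use this page to decide which permissions to grant, so either keep the unconverted sections as they were until their tables are written, or state in the commit message that the removal is temporary. Within the converted sections, `Usage Viewer` and `DataGraph Admin` are dropped without explanation, and the Audit Log Config Manager condition changes from "*Try new features* or the Teams feature enabled" to "the modern UI enabled"; please confirm each is intended. Typos to fix in the added lines: `| Permission | Descrption`, `all APIS`, "and delete permission" (was "permissions"), and `Anypoint Datagraph` (the removed heading spelled it `Anypoint DataGraph`).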
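Review bot: In PATCH 2/2, the `@@ -21,7 +21,7 @@` hunk rewrites the bullet but keeps the typo `APIS` in the added line `* Enables a user to edit all versions of all APIS, registered applications, and API portals in Anypoint Platform.`; change it to `APIs` while touching this line. The subject "Update permissions-by-product.adoc" also does not say what was changed; something like "Fix list wording and add trailing newline" would make the history easier to read.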