Manage user rights

Requirements

The monitoring scope of Prebuilt Dashboards is aimed at four types of users:

  • The API Administrator: responsible for ensuring the overall quality of service
  • The Relationship Manager: focuses on consumer (client application) experience relating to the quality of service and usage
  • The API Product Manager or API Owner: focuses on the API usage trend and adoption
  • The API Infrastructure Administrator: responsible for ensuring the availability of resources for supporting the activity

One user can play one or more of these roles, depending on the size and complexity of the organization.

For example, in a small organization, the same user can act as an API admin and an infrastructure admin. In larger or more complex organizations, each user can be dedicated to a single domain of concern.

Several users can play the same role, but the scope of data to monitor is different depending on the user access rights.

For example, John is the owner of the PetStore API and Mark is the owner of the BookStore API, and they both need to monitor the usage and adoption of their own APIs.

End user rights management concepts

User rights management is built around two main concepts:

  • Application Perspective: the monitoring solution offers a range of perspectives depending on the profiles of users the monitoring application can handle. An Application Perspective is a navigation context composed of a home dashboard and a subset of other dashboards, depending on the profile the user has.
  • User Data Filtering: the monitoring solution offers an assignment system to enable an API Product Manager/Relationship Manager to monitor a specific subset of APIs/Organizations.

 

In the context of the Prebuilt Dashboards, the following corresponding application perspectives are predefined:

| Application perspective | Role | Domain of concern | Filtering rule |
|---|---|---|---|
| API Health | API Admin | API Health | None |
| Client Application Health (all) | Relationship Manager (all) | Client Application Health | None |
| Client Application Health (user) | Relationship Manager | Client Application Health | Client applications related to the Organization the user is assigned to. |
| API Usage (all) | API Product Manager (all) | API Usage | None |
| API Usage (user) | API Product Manager | API Usage | APIs the user is assigned to. |
| API Infrastructure Health | API Infrastructure Administrator | API Infrastructure Health | None |

 

Application perspectives

User roles and Application perspectives have been created to restrict access to dashboards and to define the home dashboard according to the role of the connected user.

See Perspectives for more detailed information on perspectives.

User data filtering

User data filtering is handled by the Observation Model.

From a functional standpoint:

  • The Client Application Health domain can be filtered using the relationship between the User and Organization entities: this way the connected User will have visibility over the Client Applications relating to the Organizations this user is assigned to.
  • The API Usage domain can be filtered using the relationship between the User and API entities: this way the connected User will have visibility only over the APIs this User is assigned to.

 

Procedures (functional administration)

Give access rights to a user for one or more application perspectives

When a role is assigned to a user, then the corresponding perspective is also assigned to that user.

A user can have access to different perspectives if different roles are assigned to that user, or if different perspectives are assigned to the role.

See Managing rights, Roles and deployment permissions in the Decision Insight product documentation for further information.

The user can switch from one perspective to another using the list at the top of the screen.

Update user data filtering

1 - Create a file and put it into a dedicated file directory on the server

This step consists of filling in a .csv file with the following fields:

  • the user id
  • the API or Organization id

APIs filtering 

User;API
userA;PetStore
userB;BookStore

Organizations filtering 

User;Organization
userC;SNCF
userD;Arcelor Mittal

2 - Put the file into a dedicated directory on the server hosting the Prebuilt Dashboards solution

The file directory path is specified by the following property (located in the Data integration / 07-API-Configuration space):

  • In_User_APIs (APIs filtering)
  • In_User_Organization (Organizations filtering)

 

3 - Start the route (located in Data Integration / 07-API-Configuration space) to trigger file absorption:

Two routes are available for taking the configuration files into account:

  • assignAPIsToUsers (APIs filtering)
  • assignOrganizationsToUsers (Organizations filtering)

 

If the file has not been correctly absorbed, it is moved to the .error sub-directory. Check the content of the file, correct it and follow the procedure again. When correctly absorbed, files are moved to the .camel sub-directory.

 

4 - Trigger recomputings

To make the changes take effect on old data, go to Configure and manage >> Platform then go to the Computing section, and manually flush the pending events to trigger recalculation on user-related metrics.
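A pre-flight check for the assignment files used in this procedure, as an added example that is not part of the product or its documentation. It assumes a file must match the samples above exactly (the header line, then two `;`-separated non-empty ids per row); the function name and the optional allow-lists of known ids are hypothetical.

```python
import csv
import io

# Header per file kind, copied from the samples on this page.
HEADERS = {"api": ["User", "API"], "organization": ["User", "Organization"]}


def validate_assignments(text, kind, known_users=None, known_targets=None):
    """Check a User;API or User;Organization file before it is dropped.

    Returns (assignments, errors): assignments maps each user id to the ids
    it would gain visibility over; errors lists every rejected line.
    known_users / known_targets are optional allow-lists (hypothetical: the
    reviewer obtains them separately) that catch typos in ids.
    """
    rows = list(csv.reader(io.StringIO(text), delimiter=";"))
    if not rows or rows[0] != HEADERS[kind]:
        return {}, ["line 1: expected header " + ";".join(HEADERS[kind])]
    assignments, errors, seen = {}, [], set()
    for lineno, row in enumerate(rows[1:], start=2):
        if len(row) != 2:
            errors.append(f"line {lineno}: expected 2 fields, got {len(row)}")
            continue
        user, target = row
        if not user or not target or user != user.strip() or target != target.strip():
            errors.append(f"line {lineno}: empty or whitespace-padded id")
        elif (user, target) in seen:
            errors.append(f"line {lineno}: duplicate assignment")
        elif known_users is not None and user not in known_users:
            errors.append(f"line {lineno}: unknown user {user!r}")
        elif known_targets is not None and target not in known_targets:
            errors.append(f"line {lineno}: unknown {kind} {target!r}")
        else:
            seen.add((user, target))
            assignments.setdefault(user, []).append(target)
    return assignments, errors


if __name__ == "__main__":
    # Constructed sample: two valid rows from the page, then three bad ones.
    sample = ("User;API\nuserA;PetStore\nuserB;BookStore\n"
              "userB;BookStore\nuserC,PetStore\nuserD; \n")
    granted, problems = validate_assignments(sample, "api")
    for user, targets in granted.items():
        print(user, "->", ", ".join(targets))
    for problem in problems:
        print("REJECT", problem)
```

The returned mapping doubles as a review artifact: it lists, per user, exactly which APIs or Organizations the file would make visible once the route absorbs it.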
