Managing organization users

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.
info

This topic explains how to create and manage organization users. You must be an organization administrator to perform these tasks.

What are organization users?

Organization users are given explicit permission by the organization administrator to create, read, edit, and/or delete entities in an Apigee Edge organization. Permissions are role-based, where a role conveys a specific, targeted set of permissions. This permission scheme is also called role-based access control, or RBAC for short.

What Edge entities do organization users work with?

Organization users interact with a number of entities, including:

  • API proxies
  • API products
  • Developer apps
  • Developers
  • Environments (Trace tool sessions and deployments)
  • Custom reports (Analytics)

The degree of interaction permitted depends on the role or roles that are assigned to the user by the organization administrator. See also Assigning roles.

Exploring the Users page

Access the Users page, as described below.

Edge

To access the Users page using the Edge UI:

  1. Sign in to https://apigee.com/edge as an organization administrator.
  2. Select Admin > Users.

    If you are not an organization administrator, this menu is not available.

The User page appears, as shown in the following figure.

As highlighted in the figure, the Users page enables you to:

Classic Edge (Private Cloud)

To access the Organization Users page using the Classic Edge UI:

  1. Sign in to http://ms-ip:9000 as an organization administrator, where ms-ip is the IP address or DNS name of the Management Server node.
  2. Select Admin > Organization Users.

The Users page enables you to:

Adding users

To add an organization user:

  1. Access the Users page.
  2. Click + User.

    The New User page displays.

  3. Enter the user's email address.
  4. Select the roles you want to assign to the user.
    You can add more than one role to a user.
  5. Click Save.

If the user already has an Apigee account, they will see the new organization after signing into Apigee Edge. If the new user doesn't yet have an Apigee account, they are sent email instructions for account activation, password reset, and logging in.

Add or Remove ZoneAdmin

Apigee Edge UI does not support adding zone administrators. To grant or revoke ZoneAdmin access using Apigee API, follow these steps:

  1. Use the get_token utility to get token.
  2. Export variables:
    export TOKEN=token_from_above_step
    export ENDPOINT=https://api.enterprise.apigee.com
    export ORG=apigee_organization_name
    export EMAIL=apigee_username
  3. Add the user to the ZoneAdmin role:
    curl -X POST -i -d '{"role" : [ {"name" : "zoneadmin"} ] }' "$ENDPOINT/v1/o/$ORG/users/$EMAIL/userroles" -H "Content-type:application/json" -H "Authorization: Bearer $TOKEN"
  4. Check the user's role:
    curl -i "$ENDPOINT/v1/users/$EMAIL/userroles" -H "Content-type:application/json" -H "accept: application/json;charset=utf-8" -H "authorization: Bearer $TOKEN"
  5. To remove the previously added ZoneAdmin:
    curl -X DELETE -i -d '{"role" : [ {"name" : "zoneadmin"} ] }' "$ENDPOINT/v1/o/$ORG/userroles/zoneadmin/users/$EMAIL" -H "Content-type:application/json" -H "Authorization: Bearer $TOKEN"

Editing a user profile and assigned roles

You can edit a user profile and add one or more roles to a user when you create a new user or edit an existing user. See also Assigning roles.

To edit a user profile and assigned roles:

  1. Access the Users page.
  2. Click the name of an existing user.
  3. Click Edit.
  4. You can modify only your own first and last name, not those of other users.
  5. Add or remove roles:
    • To add a role, click in the Roles field and select a new role from the drop-down.
    • To remove a role, click the x associated with the role.
  6. Repeat the previous step to add additional roles, if desired.
  7. Click Save.

Removing users from an organization

To remove a user from an organization, you must be an organization administrator.

  1. Access the Users page.
  2. Click Remove in the Actions column associated with the user that you want to remove.

To remove a user from Apigee completely, contact Apigee Support.