8.3. OrgAdmin support
Organization-Administrators can also use the tool to register APIs in API-Manager.
By default, organization administrators require approval from an Administrator to publish APIs owned by users in their organization, and they are not allowed to unpublish APIs.
1. Unpublished APIs only
If an Organization-Administrator doesn't register/modify a "Published" API, he can use the tool in the same way as an administrator.
However, everything that needs Admin-Permissions (like Quota-Settings, Client-Apps, etc.) can be configured by the Org-Admin but is ignored as long as no Admin-User is provided.
2. Request for approval
Starting with version 1.6.5, this option is used by default when the tool is executed without an Admin-Account.
When an Organization-Administrator tries to replicate a desired API with state: “Published”, Swagger-Promote will replicate that API into an actual state: "Request for approval" (Pending).
Once the API is in pending state, this becomes the actual API for the Organization Administrator, and he can update his actual API as often as he wants.
To get that API into production, an Administrator must finally approve the pending API using the API-Manager UI or REST-API. Optionally, and as the recommended approach, that process can be automated by checking regularly for pending APIs.
Once the pending API has been approved, the actual published API becomes “invisible” for the Organization-Administrator. In other words: from Swagger-Promote's perspective, there is no actual API anymore, and any new replication request will result in a new pending API. From that point on, the process starts from the beginning.
By setting the api.manager.orgadmin.selfservice.enabled system property to true, the organization administrator no longer requires approval to publish and unpublish APIs in their own organization. This flag was originally introduced in the 7.7 20200930 release. If set to true, it now allows Organization Admins to manage the API life cycle of APIs in their orgs.
In addition, they can also deprecate, undeprecate, retire, and upgrade APIs, grant access to APIs, monitor the grant access process by seeing the organizations and applications using the APIs, and revoke access in organizations in which they are an organization administrator. When this system property is enabled, all Organization administrators have view access to all organizations, but they can only view APIs in organizations that they are a member of or have been granted access to.
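The approval cycle described under "Request for approval", and the effect of api.manager.orgadmin.selfservice.enabled on it, as a simplified model. This is an added example, not Swagger-Promote or API-Manager code; the class, method and field names are hypothetical.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Api:
    id: int
    name: str
    org: str
    state: str  # "unpublished", "pending" (Request for approval) or "published"
    revision: int = 1

class ApiManagerModel:
    """Hypothetical, simplified model of the approval flow (not the real tool)."""
    def __init__(self, selfservice_enabled=False):
        self.selfservice_enabled = selfservice_enabled  # models the system property
        self.apis, self._ids = [], count(1)

    def _may_publish(self, is_admin):
        return is_admin or self.selfservice_enabled

    def actual_api(self, name, org, is_admin=False):
        for api in self.apis:
            # Once approved, the published API is invisible to the Org-Admin.
            hidden = api.state == "published" and not self._may_publish(is_admin)
            if (api.name, api.org) == (name, org) and not hidden:
                return api
        return None

    def replicate(self, name, org, desired, is_admin=False):
        state = desired
        if desired == "published" and not self._may_publish(is_admin):
            state = "pending"  # Org-Admin without Admin-Account: request approval
        api = self.actual_api(name, org, is_admin)
        if api is None:
            api = Api(next(self._ids), name, org, state)
            self.apis.append(api)
        else:
            api.state, api.revision = state, api.revision + 1
        return api

    def approve(self, api_id):  # Administrator step; only pending APIs qualify
        api = next(a for a in self.apis if a.id == api_id)
        if api.state != "pending":
            raise ValueError("API is not pending approval")
        api.state = "published"
        return api

    def pending_queue(self):  # what a regular check for pending APIs reports
        return [a for a in self.apis if a.state == "pending"]
```

Replicating twice as an Org-Admin, approving, and replicating again leaves two APIs in the model: the approved one and a new pending one, which is the entry a regular pending-API check has to pick up.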