Restrict access to a specific proxy for one user in Apigee

This use case requires two roles to be assigned to the user whose access you want to restrict:

  • Apigee Environment Admin.
  • Custom Role you will create following [2]

1- For Apigee Environment Admin,

  • Create an IAM condition and paste the expression below into the Condition Editor, as described in [1]. PROJECT-NAME and PROXY-NAME are placeholders for your own values.

    resource.name.startsWith("organizations/PROJECT-NAME/apis/PROXY-NAME") ||
    resource.type == "cloudresourcemanager.googleapis.com/Project"

2- For the Custom role,

  • Add the following permissions:

apigee.deployments.get
apigee.deployments.list
apigee.entitlements.get
apigee.organizations.get
apigee.projectorganizations.get
apigee.setupcontexts.get
apigee.environments.get
apigee.environments.list

Note: if the user requires more access, for example to view trace sessions within a proxy, you can add the permissions below to the custom role.

apigee.tracesessions.get
apigee.tracesessions.list
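
The condition in step 1 is a string prefix match, so it is worth checking which resource names it admits before binding the role. The following is an added example, not part of the original article and not Apigee or IAM code: a Python model of the expression's logic run over constructed resource names, next to a stricter variant that is an assumption of this example.

```python
# Added example: models the string logic of the IAM condition from step 1.
# All resource names and the "example/..." type labels below are constructed.
from dataclasses import dataclass

ORG = "PROJECT-NAME"    # placeholder from the article
PROXY = "PROXY-NAME"    # placeholder from the article
PROJECT_TYPE = "cloudresourcemanager.googleapis.com/Project"
BASE = f"organizations/{ORG}/apis/{PROXY}"


@dataclass(frozen=True)
class Resource:
    type: str
    name: str


def article_condition(r: Resource) -> bool:
    """Expression from step 1: prefix match on the proxy path, or a Project."""
    return r.name.startswith(BASE) or r.type == PROJECT_TYPE


def exact_proxy_condition(r: Resource) -> bool:
    """Stricter variant (assumption): the proxy itself or paths beneath it."""
    return r.name == BASE or r.name.startswith(BASE + "/") or r.type == PROJECT_TYPE


# Constructed sample resources a role check might be evaluated against.
SAMPLES = [
    Resource("example/Proxy", BASE),
    Resource("example/ProxyRevision", BASE + "/revisions/3"),
    Resource("example/Proxy", BASE + "-internal"),   # sibling sharing the prefix
    Resource("example/Proxy", f"organizations/{ORG}/apis/other-proxy"),
    Resource(PROJECT_TYPE, "projects/123456789"),
]


def evaluate(condition) -> dict:
    """Map each sample resource name to whether the condition grants the role."""
    return {r.name: condition(r) for r in SAMPLES}


if __name__ == "__main__":
    loose, strict = evaluate(article_condition), evaluate(exact_proxy_condition)
    for name in loose:
        print(f"{name:52} article={loose[name]!s:5} strict={strict[name]}")
```

A proxy whose name merely begins with PROXY-NAME satisfies the article's expression, so either keep proxy names free of shared prefixes or test a condition that compares the exact name and the name followed by "/" in your own organization before relying on it.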

[1] https://cloud.google.com/iam/docs/conditions-overview 

[2] https://cloud.google.com/iam/docs/creating-custom-roles#creating

Last update: 01-29-2024 07:07 AM