Skip to Content
Technical Articles

SAP Cloud Platform API Management – API Product Permissions

My first Blog Post of this new year should start officially… so here we go: “Happy, successful and healthy new year 2021!” 🙂

Whilst preparing a customer demo on my freshly configured SAP Cloud Platform Integration Suite (thus on Cloud Foundry), I wanted to setup the visibility in the Developer Portal for different roles (on an API Product).

As you know (and this would be a prereq), you can bundle API proxies (the API Management facade to an API implementation) within an API Product. On this product, you can apply different configurations like Quotas, Scopes, filter Resources, … and add access control for the Developer Portal – better known as “Permission“.

The question I asked myself is “How to I create a role on my SAP Cloud Platform so that i can chose from it in API Management?”.

Since the answer was not trivial, I will document it here – quite high-level, but you’ll get the idea.

1- First, log into your SAP Cloud Platform sub-account where you have setup your Integration Suite.

2- We will now create a custom role collection that will eventually contain the API Product permissions, ie. the SCP roles.
On the left side menu, expand “Security” and click on “Role Collections”. Click on the “+” button and create a new role collection. Name it as you want but try to keep a meaningful naming convention.

3- We will now create the roles that will be used in the API Management API Product permissions.
On the left side menu, expand “Security” and click on “Roles”:

This is where you can manage all of the roles of your sub-account.

Search for the “ApplicationDeveloper” role template and click on “Add Using Same Role Template” in order to create a new role based on this template:

Define your new role as needed in API Management:

Click on “Next” and fill in the required fields:

Click on “Next”:

Click on “Next” and review your role.

Click on “Finish”.

4- We will now assign the role to the previously created role collection.
In the left-hand menu, click on “Roles” and search for the role role you have just created. In the search result, click its name:

In the Overview of the Role, click on “Edit”:

Now click on the “Role Collection” tab and click on “+”:

Now select the role collection you have just created and click on “Add”:

That’s it! You now select what roles are allowed to see your API Product in the Developer Portal once you have published it!

Be the first to leave a comment
You must be Logged on to comment or reply to a post.