Skip to Content
Technical Articles

SAP Cloud Platform API Management – API Product Permissions

My first Blog Post of this new year should start officially… so here we go: “Happy, successful and healthy new year 2021!” 🙂

Whilst preparing a customer demo on my freshly configured SAP Cloud Platform Integration Suite (thus on Cloud Foundry), I wanted to setup the visibility in the Developer Portal for different roles (on an API Product).

As you know (and this would be a prereq), you can bundle API proxies (the API Management facade to an API implementation) within an API Product. On this product, you can apply different configurations like Quotas, Scopes, filter Resources, … and add access control for the Developer Portal – better known as “Permission“.

The question I asked myself is “How to I create a role on my SAP Cloud Platform so that i can chose from it in API Management?”.

Since the answer was not trivial, I will document it here – quite high-level, but you’ll get the idea.

1- First, log into your SAP Cloud Platform sub-account where you have setup your Integration Suite.

2- We will now create a custom role collection that will eventually contain the API Product permissions, ie. the SCP roles.
On the left side menu, expand “Security” and click on “Role Collections”. Click on the “+” button and create a new role collection. Name it as you want but try to keep a meaningful naming convention.

3- We will now create the roles that will be used in the API Management API Product permissions.
On the left side menu, expand “Security” and click on “Roles”:

This is where you can manage all of the roles of your sub-account.

Search for the “ApplicationDeveloper” role template and click on “Add Using Same Role Template” in order to create a new role based on this template:

Define your new role as needed in API Management:

Click on “Next” and fill in the required fields:

Click on “Next”:

Click on “Next” and review your role.

Click on “Finish”.

4- We will now assign the role to the previously created role collection.
In the left-hand menu, click on “Roles” and search for the role role you have just created. In the search result, click its name:

In the Overview of the Role, click on “Edit”:

Now click on the “Role Collection” tab and click on “+”:

Now select the role collection you have just created and click on “Add”:

That’s it! You now select what roles are allowed to see your API Product in the Developer Portal once you have published it!

1 Comment
You must be Logged on to comment or reply to a post.
  • Hi Sven Huberti,

    Good Article. We have already implemented this in our project but it would be really helpful for others.
    Small Suggestion: If you could add when should we use this tools and what are the best way to utilize this option. Example: What are the different types of discovery we can use and what is the ideal way, different types of subscription options that are ideal and best way's to use.

    Something like Best Practices for using it would really go a long way in improving the article.

    Other than that, explaination is very clear. Thanks for the article.

    Br/ Sai Sreenivas Addepalli.