API Management Roles and Privileges

Administrators give a Boomi Enterprise Platform user access to one or more Boomi accounts using their unique email address. Administrators assign a role to a user to control their access to areas in API Management.

Administrators can control general account and user settings for all Boomi Enterprise Platform services by navigating to the Settings page. Administrators can configure user access in Account > User Management on the Settings page. Read User management settings to learn more about general settings for the platform.

Administrators can assign a role to a user for a specific account. Roles contain a list of privileges. A privilege is an allowable action or access to a specific area of API Management.

The following API Management roles are provided with a predefined list of privileges:

• API Manager - APIs and and Applications - Read and write access to APIs and Applications.
• API Infrastructure Manager – Read and write access to Gateways, Plans, and Authentication. Can publish Developer Portal.

The table below shows the predefined standard roles for users, the privileges assigned to each role, and descriptions of the privileges.

Privilege	Description	API Manager role	API Infrastructure Manager
API Management - Access	Full admin access to API Management. Gives access to all of API Management except the dashboard. Additional privileges must be granted to access specific environments to modify deployments within the environment. For example, if a user does not have access to environment A, they can see deployments in environment A but cannot modify them (such as change the authentication or assign a plan). Users get access to the environment either by having a privilege that gives access to all environments, like Environment Management, or by having a role that grants access to a specific environment. See Roles within an environment.	Excluded	Excluded
API Management - APIs	Read and write access to APIs. This gives users write access to the areas in API Management where they can modify deployed APIs: Deployed APIs, API Lifecycle, and Manage APIs.	Included	Excluded
API Management - Applications	Read and write access to API applications and subscriptions. Provides access to Configure APIs and Applications > Applications, subscriptions, and the Approve screen that allows you to approve or reject requests for access to APIs. Read access is provided to Configure APIs and Applications > Deployed APIs.	Included	Excluded
API Management - Plans	Read and write access to Plans.	Excluded	Included
API Management - Authentication	Read and write access to Authentication sources.	Excluded	Included
API Management - Developer Portal Publishing	Read and write access to publish the Developer Portal.	Excluded	Included
API Management - Gateway	Access to Configure Server > Gateways and read access to Configure APIs and Applications > Deployed APIs.	Excluded	Included
API Management - Dashboard	Access to the API Management Dashboard and read access to Configure APIs and Applications > Deployed APIs.	Excluded	Excluded
API Management - Read APIs	Read-only access to APIs. This privilege provides you with read-only access to the to Deployed APIs, API Lifecycle, and Manage APIs pages. With this privilege, you can easily view all the information available on these pages without the ability to interact with or modify any elements or perform any actions.	Excluded	Excluded
API Management - Read Applications	Read-only access to API applications. This privilege provides you with read-only access to Deployed APIs, Applications, and Approve pages. With this privilege, you can easily view all the information available on these pages without the ability to interact with or modify any elements or perform any actions.	Excluded	Excluded
API Management - Read Gateway	Read-only access to the Gateway configuration pages, including viewing details of the Gateway setup and environment migration. Users with this privilege can view the Gateways > Environment Migration table but cannot perform any migration actions or view detailed migration steps.	Excluded	Excluded
API Management - Read Plans	Read-only access to Plans.	Excluded	Excluded
API Management - Read authentication	Read-only access to authentication sources.	Excluded	Excluded
API Management - Read Developer Portal	Read-only access to publishing Development portal.	Excluded	Excluded

note

API Management - Roles and API Management - Testing are deprecated privileges that should not be used.

API Control Plane and Cloud API Management

API Control Plane and Cloud API Management are accessible from the Boomi platform in API Management if you have the appropriate entitlements. The following roles and privileges have been added to allow for navigation between the applications.

note

You cannot use the following privileges in custom roles, and the following roles cannot be extended.

Roles:

• API Control Plane Administrator - This role has access to administrative functions in the API Control Plane. Includes the API Control Plane User and User Management - Limited privileges to create users and has limited management of users privileges. This role is granted to Boomi Administrator users.
• API Control Plane User - Users with this role can access the Administrator Portal and the Developer Portal in the API Control Plane.
• Cloud API Management Administrator - This role has access to administrative functions in Cloud API Management. Includes the Cloud API Management User and User Management - Limited privileges to create users and has limited management of users privileges. This role is granted to Boomi Administrator users.

note

There is not currently single sign off between the Boomi Platform, Control Plane, and Cloud API Management. If you have access to all three and log off one of them, you will still be logged into the other two.

Privilege	Description	API Control Plane Administrator role	Cloud API Management Administrator role
User Management - Limited	Can add users to the account on the Boomi platform and edit the roles on existing users. Can only modify roles that are comprised of privileges already assigned to the authenticated user.	Included	Included
API Control Plane User	Access to the API Control Plane.	Included	Excluded
Cloud API Management User	Access to Cloud API Management.	Excluded	Included

note

• To allow an API Control Plane User the ability to create other users, they must have the User Management - Limited and API Control Plane User privileges.
• To allow a Cloud API Management User the ability to create other users, they must have the User Management - Limited and Cloud API Management User privileges.

Assigning a predefined role

1. In the Boomi Enterprise platform, navigate to Settings > Account > User Management.
2. Do one of the following:
   • For existing users:
     • Select the user and click the Edit icon.
     • Select the role or roles.
     • Click OK.
   • For new users:
     • Select the plus icon to create a new user.
     • Enter the new user’s email address and name.
     • Select the role or roles.
     • Click OK. The new user will receive a registration email.