Core concepts & API governance
ApiShare provides a role-based access control (RBAC) model to enforce governance, security, and API lifecycle management. This model ensures that every user has only the permissions required for their specific responsibilities, maintaining compliance with organizational policies.
Default Roles in ApiShare
ApiShare includes a set of predefined roles, each with specific permissions. These roles follow a hierarchical structure, where each role inherits permissions from lower-tier roles, ensuring structured access control.
Overview of Default Roles
Role
Description | |
|---|---|
Owner | The highest-level role, with full administrative control over the tenant, organizations, APIs, and configurations. |
Organization Admin | Manages an entire organization, including its groups, users, APIs, and applications. |
Group Admin | Controls a specific group within an organization, managing API and application access. Approves lifecycle steps such as distribution (for Products) and publication (for Assets). |
Contributor | A developer role responsible for creating, modifying, and enhancing APIs (both Products and Assets). Can propose new APIs and contribute to their lifecycle. |
Consumer | Can subscribe to API Products, request access, and leave reviews on APIs. Does not have permission to create or modify APIs. |
Guest | A user who has been invited to the system but does not belong to an organization. Can browse API and Application catalogs and request to join organizations. |
Each role's permissions can be configured based on specific environments (e.g., Development, Test, Production), ensuring granular control over API access.
Default ApiShare Permissions
ApiShare implements a principle of least privilege, ensuring that users can only perform actions relevant to their assigned role. The following tables summarize the default permissions for each role across different lifecycle stages.
PRODUCT Permissions
The following table summarizes the permitted actions concerning the Product lifecycle. The permissions may differ depending on the state of the Product. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action
Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | |
|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new Product. The action is independent of the lifecycle status. | NA | Yes | Yes | Yes | Yes | No | NA |
View all | Permission to view all Products in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA |
Save
| Permission to make a modification to a Product in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | ||
In Progress, Draft | Yes | Yes | Yes | Yes | No | NA | ||
In Progress, Pending for publishing | Yes | Yes | Yes | No | No | NA | ||
In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA | ||
In Progress, Validation rejected | Yes | Yes | Yes | Yes | No | NA | ||
Published, Live | Yes | Yes | Yes | No | No | NA | ||
Published, Non production | Yes | Yes | Yes | No | No | NA | ||
Delete
| Permission to permanently delete a Product in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
In Progress, Draft | Yes | No | No | No | No | NA | ||
Concept, Proposed | Yes | No | No | No | No | NA | ||
Concept, Rejected | Yes | Yes | Yes | No | No | NA | ||
In Progress, Pending for publishing | Yes | No | No | No | No | NA | ||
In Progress, Pending for validation | Yes | No | No | No | No | NA | ||
In Progress, Validation rejected | Yes | Yes | Yes | No | No | NA | ||
Retired, Retired | Yes | No | No | No | No | NA | ||
Propose | Permission to propose a Product concept for approval or rejection | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
Reject | Permission to reject a Product proposal. | Concept, Proposed | Yes | Yes | Yes | No | No | NA |
In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA | ||
Accept | Permission to accept a Product proposal | Concept, Proposed | Yes | Yes | Yes | No | No | NA |
Request validation | Permission to request validation of a Product in progress. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA |
Approve | Permission to accept a Product in progress and to proceed in the lifecycle. | In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA |
Publish | Permission to publish the API Product on the gateway in a designated domain belonging to a non-production environment. The published API Product will be visible in the API Catalog. | In Progress, Pending for publishing | Yes | Yes | Yes | Yes | No | NA |
Republish | Permission that allows the user to republish an API - Product in a previously published environment | Published, Non Production | Yes | Yes | Yes | No | No | NA |
Published, Live | Yes | Yes | Yes | No | No | NA | ||
Promote | Permission to promote the published Product in a hierarchically superior environment. | Published, Non production | Yes | Yes | Yes | No | No | NA |
Ready for go-live | Permission to designate a published Product as ready for publication in the production environment. The action will only be available if the Product has been published in all available non-production environments. | Published, Non production | Yes | Yes | Yes | No | No | NA |
Go live | Permission to publish the Product in a production environment. | Published, Pending for go-live | Yes | Yes | Yes | No | No | NA |
Undo go-live | Permission to remove the Product from the ready-for-go-live state. | Published, Pending for go-live | Yes | Yes | Yes | No | No | NA |
New version | Permission to create a new patch, minor or major version of an API Product. | Published, Live | Yes | Yes | Yes | Yes | No | NA |
Published, Non production | Yes | Yes | Yes | Yes | No | NA | ||
Deprecate | Permission to deprecate a published Product. | Published, Live | Yes | Yes | Yes | No | No | NA |
Retire
| Permission to retire a published Product. | Published, Deprecated | Yes | Yes | Yes | No | No | NA |
Published, Live | Yes | Yes | Yes | No | No | NA | ||
Published, Non production | Yes | Yes | Yes | No | No | NA | ||
Retry | Permission to retry integration with the gateway in the event of an error. | In Progress, Publish error | Yes | Yes | Yes | No | No | NA |
Published, Go-live error | Yes | Yes | Yes | No | No | NA | ||
Published, Promoting error | Yes | Yes | Yes | No | No | NA | ||
Published, Retiring error | Yes | Yes | Yes | No | No | NA |
ASSET Permissions
The following table summarizes the permitted actions concerning the Asset lifecycle. The permissions may differ depending on the state of the Asset. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action
Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | |
|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new Asset. The action is independent of the lifecycle status. | NA | Yes | Yes | Yes | Yes | No | NA |
View all | Permission to view all Assets in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA |
Save
| Permission to make a modification to an Asset in the workspace. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | ||
Active, Published | Yes | Yes | Yes | No | No | NA | ||
Active, Unpublished | Yes | Yes | Yes | No | No | NA | ||
Delete
| Permission to permanently delete an Asset in the workspace. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA |
In Progress, Proposed | Yes | No | No | No | No | NA | ||
In Progress, Rejected | Yes | Yes | Yes | Yes | No | NA | ||
Active, Deprecated | Yes | Yes | Yes | Yes | No | NA | ||
Propose | Permission to propose a draft Asset for activation, publication or rejection. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA |
Reject | Permission to reject an Asset proposal. | In Progress, Proposed | Yes | Yes | Yes | No | No | NA |
Edit | Permission to edit a rejected Asset. | In Progress, Rejected | Yes | Yes | Yes | Yes | No | NA |
Activate
| Permission to activate an Asset. | In Progress, Draft | Yes | Yes | Yes | No | No | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | ||
Activate and publish | Permission to activate and publish an Asset. | In Progress, Draft | Yes | Yes | Yes | No | No | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | ||
Publish
| Permission to publish an active Asset. | Active, Unpublished | Yes | Yes | Yes | No | No | NA |
Unpublish
| Permission to unpublish an active Asset. | Active, Published | Yes | Yes | Yes | No | No | NA |
Productize | Permission to productize an Asset. | Active, Unpublished | Yes | Yes | Yes | Yes | No | NA |
Active, Published | Yes | Yes | Yes | Yes | No | NA | ||
Duplicate | Permission to duplicate an Asset, creating a new draft Asset. | Active, Unpublished | Yes | Yes | Yes | Yes | No | NA |
Active, Published | Yes | Yes | Yes | Yes | No | NA | ||
Active, Deprecated | Yes | Yes | Yes | Yes | No | NA | ||
Deprecate | Permission to deprecate an active Asset. | Active, Unpublished | Yes | Yes | Yes | No | No | NA |
Active, Published | Yes | Yes | Yes | No | No | NA |
APPLICATION Permissions
The following table summarizes the permitted actions concerning the Application lifecycle. The permissions may differ depending on the state of the APP. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action
Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | |
|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new APPLICATION. The action is independent of the lifecycle status. | NA | Yes | Yes | Yes | Yes | Yes | NA |
View all | Permission to view all APPs in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA |
Save
| Permission to make a modification to an APP in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | ||
Published, Active | Yes | Yes | Yes | No | No | NA | ||
Delete
| Permission to permanently delete an APP in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
Concept, Proposed | Yes | No | No | No | No | NA | ||
Concept, Rejected | Yes | Yes | Yes | No | No | NA | ||
Retired, Retired | Yes | No | No | No | No | NA | ||
Propose | Permission to propose an APP concept for activation or rejection | Concept, Draft | Yes | Yes | Yes | Yes | No | NA |
Reject | Permission to reject an APP proposal. | Concept, Proposed | Yes | Yes | Yes | No | No | NA |
Activate
| Permission to activate a suspended application. | Concept, Draft | Yes | Yes | Yes | No | No | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | ||
Published, Suspended | Yes | Yes | Yes | No | No | NA | ||
Suspend | Permission to suspend an active application. | Published, Active | Yes | Yes | Yes | No | No | NA |
Retire
| Permission to retire an activated or suspended application. This operation will also permanently delete any associated subscriptions. | Published, Active | Yes | Yes | Yes | No | No | NA |
Published, Suspended | Yes | Yes | Yes | No | No | NA | ||
Retry
| Permission to retry integration with the gateway in the event of an error. | Published, Activation error | Yes | Yes | Yes | No | No | NA |
Published, Retiring error | Yes | Yes | Yes | No | No | NA | ||
Published, Suspension error | Yes | Yes | Yes | No | No | NA |
SUBSCRIPTION Permissions
The following table summarizes the permitted actions concerning the Subscription lifecycle. The permissions may differ depending on the state of the subscription and depending on whether a subscription has been requested or received.. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action
Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | |
|---|---|---|---|---|---|---|---|---|
Subscription Requested | ||||||||
View all | Permission to view all requested subscription in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA |
Save | Permission to make a modification to an existing subscription. | Pending, New | Yes | Yes | Yes | No | No | NA |
Delete | Permission to permanently delete a subscription. | Pending, New | Yes | Yes | Yes | No | No | NA |
Rejected, Rejected | Yes | Yes | Yes | No | No | NA | ||
Revoked, Api retired | Yes | Yes | Yes | No | No | NA | ||
Suspend | Permission to temporarily or indefinitely suspend a subscription. | Active, Active | Yes | No | No | No | No | NA |
Edit | Permission to propose a modification to an existing subscription. | Active, Active | Yes | Yes | Yes | Yes | No | NA |
Reject | Permission to reject a subscription request. | Active, Pending for approval | Yes | No | No | No | No | NA |
Pending, New | Yes | No | No | No | No | NA | ||
Accept
| Permission to accept and activate a subscription request. | Active, Pending for approval | Yes | No | No | No | No | NA |
Pending, New | Yes | No | No | No | No | NA | ||
Activate | Permission to activate a subscription. | Suspended, Suspended | Yes | No | No | No | No | NA |
Retry
| Permission to retry integration with the gateway in the event of an error. | Active, Suspension error | Yes | No | No | No | No | NA |
Active, Update error | Yes | No | No | No | No | NA | ||
Pending, Activation error | Yes | No | No | No | No | NA | ||
Suspended, Activation error | Yes | No | No | No | No | NA | ||
Subscription Received | ||||||||
View all | Permission to view all received subscription in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA |
Save | Permission to make a modification to an existing subscription. | Pending, New | Yes | No | No | No | No | NA |
Delete | Permission to permanently delete a subscription. | Pending, New | Yes | No | No | No | No | NA |
Rejected, Rejected | Yes | No | No | No | No | NA | ||
Revoked, Api retired | Yes | No | No | No | No | NA | ||
Suspend | Permission to temporarily or indefinitely suspend a subscription. | Active, Active | Yes | Yes | Yes | No | No | NA |
Edit | Permission to propose a modification to an existing subscription. | Active, Active | Yes | No | No | No | No | NA |
Reject | Permission to reject a subscription request. | Active, Pending for approval | Yes | Yes | Yes | No | No | NA |
Pending, New | Yes | Yes | Yes | No | No | NA | ||
Accept
| Permission to accept and activate a subscription request. | Active, Pending for approval | Yes | Yes | Yes | No | No | NA |
Pending, New | Yes | Yes | Yes | No | No | NA | ||
Activate | Permission to activate a subscription. | Suspended, Suspended | Yes | Yes | Yes | No | No | NA |
Retry
| Permission to retry integration with the gateway in the event of an error. | Active, Suspension error | Yes | Yes | Yes | No | No | NA |
Active, Update error | Yes | Yes | Yes | No | No | NA | ||
Pending, Activation error | Yes | Yes | Yes | No | No | NA | ||
Suspended, Activation error | Yes | Yes | Yes | No | No | NA | ||
ORGANIZATION-GROUP Permissions
The following table summarizes the allowed actions concerning organizations and groups.
Action
Description | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | |
|---|---|---|---|---|---|---|---|
Organization | |||||||
Add [Organization] | Permission to create a new organization | Yes | No | No | No | No | NA |
Add [Group] | Permission to create a new group associated with an organization. | Yes | Yes | No | No | No | NA |
Edit | Permission to edit an organization (Name, Organization Contact, Description, Set internal /external). | Yes | Yes | No | No | No | NA |
Delete | Permission to remove an organization. | Yes | No | No | No | No | NA |
Synchronize [All organizations] | Permission to synchronise all tenant organizations simultaneously. Allowed only if the synchronization of organizations with the gateway is enabled. | Yes | No | No | No | No | NA |
Synchronize | Permission to synchronise an organization. Allowed only if the synchronization of organizations with the gateway is enabled. | Yes | Yes | No | No | No | NA |
Group | |||||||
Quit | Permission that allows a user to remove themselves from a group. | NA | Yes | Yes | Yes | Yes | NA |
Auto edit role | Permission that allows a user to change their role | NA | No | No | No | No | NA |
Add user [Org Admin group] | Permission that allows a user to invite/add users to the 'org admins' group. | Yes | Yes | No | No | No | NA |
Add user [My groups] | Permission that allows a user to invite/add other users to their own group | NA | NA | Yes | No | No | NA |
Add user [Not my groups] | Permission that allows a user to invite/add other users in all the organization's groups except his own group | Yes | Yes | No | No | No | NA |
Edit user [Org Admin group] | Permission that allows a user to change the role of another user in the 'org admins' group. (currently never possible) | No | No | No | No | No | NA |
Edit user [My groups] | Permission that allows a user to change the role of another user in his own group | NA | NA | Yes | No | No | NA |
Edit user [Not my groups] | Permission that allows a user to change the role of another user in all groups in the organization except his own group. | Yes | Yes | No | No | No | NA |
Remove user [Org Admin group] | Permission to remove a user from the 'org admins' group. | Yes | Yes | No | No | No | NA |
Remove user [My groups] | Permission allowing a user to remove another user from their own group | NA | NA | Yes | No | No | NA |
Remove user [Not my groups] | Permission allowing a user to remove another user from any group in the organisation other than their own group. | Yes | Yes | No | No | No | NA |
Edit [Org Admin group] | Permission to edit the 'org admins' group (Name, Group Contact, Description). | Yes | Yes | No | No | No | NA |
Edit [My groups] | Permission to edit one's own group (Name, Group Contact, Description). | NA | NA | Yes | No | No | NA |
Edit [Not my groups] | Permission to edit any group in the organisation except one's own | Yes | Yes | No | No | No | NA |
Delete [Org Admin group] | Permission to remove the group 'org admins'. (currently never possible) | No | No | No | No | No | NA |
Delete [My groups] | Permission that allows the user to remove the group to which he belongs. (currently never possible) | NA | NA | No | No | No | NA |
Delete [Not my groups] | Permission to remove any group in the organisation except the one to which the user belongs. | Yes | Yes | No | No | No | NA |
Custom Roles and Access Control
ApiShare allows for the creation and configuration of custom roles, enabling organizations to enforce fine-grained governance that aligns with their internal policies and processes.
Custom Role Configuration
Administrators can create and manage custom roles through the Admin Functionalities section in ApiShare. Custom roles can be configured with:
Environment-based restrictions: Define whether a role can access APIs in Development, Test, or Production environments.
Lifecycle step permissions: Restrict actions such as API proposal, publishing, deprecation, and retirement.
Entity-specific permissions: Grant different levels of access to API Products, API Assets, and Applications.
API Subscription Policies: Control how a role can request, approve, or manage API subscriptions.
Benefits of Custom Roles
The ability to configure custom roles provides the following advantages:
✅ Greater control over API governance: Organizations can define precise access permissions aligned with security policies.
✅ Separation of duties: Ensures compliance by granting the minimum required permissions to each role.
✅ Scalability: Custom roles support complex multi-tenant API ecosystems, enabling different governance models for internal teams, partners, and citizen developers.
✅ Security and Compliance: Limits access to sensitive APIs and ensures that governance workflows align with company-wide security policies.
Conclusion
By leveraging default and custom roles, ApiShare provides a flexible and secure governance model that ensures efficient API lifecycle management, minimizing risks while maximizing control. Administrators can fine-tune role permissions at every stage of the API lifecycle, creating a governance structure tailored to their organizational needs