Roles and permissions
ApiShare provides a role-based access control (RBAC) model to enforce governance, security, and API lifecycle management. This model ensures that every user has only the permissions required for their specific responsibilities, maintaining compliance with organizational policies.
Role Type
ApiShare introduces the concept of Role Type to further classify each role, clearly defining the operational scope and responsibilities within the platform. This distinction supports governance, organizational clarity, and scalability, ensuring that every role is assigned according to its area of responsibility.
Role Types
Tenant Admin
Roles with tenant-wide administrative capabilities. They manage global configurations, governance, and are responsible for functionalities across the entire platform.
A Tenant Admin has the ability to:Manage Widgets
View all entities in the Catalog, respecting visibility settings
View all entities in the Workspace
View all Organizations and Groups
View the User list
View all Invitations
View all Join Requests
View and edit all Documentation
Multiple Tenant Admins can be assigned within a tenant.
Group Member
Roles that operate within the scope of a specific organization or group, with permissions limited to their domain.
Multiple Group Member roles can be created and customized.
Guest
The Guest Role Type is used for users who are not yet part of an organization. This Role Type enables the system to distinguish between two specific roles:Guest (Role: Guest, Role Type: Guest)
A user who has been invited to the platform but has not yet joined an organization. This role is suitable for onboarding or limited access scenarios. Guests can browse catalogs and request to join organizations.Visitor (Role: Visitor, Role Type: Guest)
A non-registered user introduced primarily for the Public Showcase feature. Visitors have restricted visibility and can only access public-facing content such as selected APIs and documentation.
Both roles share the Guest Role Type, but serve different purposes and have distinct access levels.
Role Types are system-defined and not customizable. Each role in ApiShare is classified according to its operational scope.
Default roles in ApiShare
ApiShare includes a set of predefined roles, each with specific permissions. These roles follow a hierarchical structure, where each role inherits permissions from lower-tier roles, ensuring structured access control.
Overview of default roles
Role | Role Type | Description |
|---|---|---|
Owner | Tenant Admin | The highest-level role, with full administrative control over the tenant, organizations, APIs, and configurations. The Owner is also the only user who has access to the Administrator section. |
Organization Admin | Group Member | Manages an entire organization, including its groups, users, APIs, and applications. |
Group Admin | Group Member | Controls a specific group within an organization, managing API and application access. Approves lifecycle steps such as distribution (for Products) and publication (for Assets). |
Contributor | Group Member | A developer role responsible for creating, modifying, and enhancing APIs (both Products and Assets). Can propose new APIs and contribute to their lifecycle. |
Consumer | Group Member | Can subscribe to API Products, request access, and leave reviews on APIs. Does not have permission to create or modify APIs. |
Guest | Guest | A user who has been invited to the system but does not belong to an organization. Can browse API and Application catalogs and request to join organizations. |
Visitor | Guest | A non-registered user accessing the public page. Has restricted visibility of the API catalog and Documentation. |
Each role's permissions can be configured based on specific environments (e.g., Development, Test, Production), ensuring granular control over API access.
Default ApiShare permissions
ApiShare implements a principle of least privilege, ensuring that users can only perform actions relevant to their assigned role. The following tables summarize the default permissions for each role across different lifecycle stages.
Product permissions
The following table summarizes the permitted actions concerning the Product lifecycle. The permissions may differ depending on the state of the Product. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action | Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | Visitor |
|---|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new Product. The action is independent of the lifecycle status | NA | Yes | Yes | Yes | Yes | No | NA | NA |
View all | Permission to view all Products in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA | NA |
Save | Permission to make a modification to a Product in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
In Progress, Draf | Yes | Yes | Yes | Yes | No | NA | NA | ||
In Progress, Pending for publishing | Yes | Yes | Yes | No | No | NA | NA | ||
In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA | NA | ||
In Progress, Validation rejected | Yes | Yes | Yes | Yes | No | NA | NA | ||
Published, Live | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Non production | Yes | Yes | Yes | No | No | NA | NA | ||
Delete | Permission to permanently delete a Product in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
In Progress, Draft | Yes | No | No | No | No | NA | NA | ||
Concept, Proposed | Yes | No | No | No | No | NA | NA | ||
Concept, Rejected | Yes | Yes | Yes | No | No | NA | NA | ||
In Progress, Pending for publishing | Yes | No | No | No | No | NA | NA | ||
In Progress, Pending for validation | Yes | No | No | No | No | NA | NA | ||
In Progress, Validation rejected | Yes | Yes | Yes | No | No | NA | NA | ||
Retired, Retired | Yes | No | No | No | No | NA | NA | ||
Propose | Permission to propose a Product concept for approval or rejection | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Reject | Permission to reject a Product proposal. | Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA |
In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA | NA | ||
Accept | Permission to accept a Product proposal | Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA |
Request validation | Permission to request validation of a Product in progress. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Approve | Permission to accept a Product in progress and to proceed in the lifecycle. | In Progress, Pending for validation | Yes | Yes | Yes | No | No | NA | NA |
Publish | Permission to publish the API Product on the gateway in a designated domain belonging to a non-production environment. The published API Product will be visible in the API Catalog. | In Progress, Pending for publishing | Yes | Yes | Yes | Yes | No | NA | NA |
Republish | Permission that allows the user to republish an API - Product in a previously published environment. | Published, Non Production | Yes | Yes | Yes | No | No | NA | NA |
Published, Live | Yes | Yes | Yes | No | No | NA | NA | ||
Promote | Permission to promote the published Product in a hierarchically superior environment. | Published, Non production | Yes | Yes | Yes | No | No | NA | NA |
Ready for go-live | Permission to designate a published Product as ready for publication in the production environment. The action will only be available if the Product has been published in all available non-production environments. | Published, Non production | Yes | Yes | Yes | No | No | NA | NA |
Go live | Permission to publish the Product in a production environment. | Published, Pending for go-live | Yes | Yes | Yes | No | No | NA | NA |
Undo go-live | Permission to remove the Product from the ready-for-go-live state. | Published, Pending for go-live | Yes | Yes | Yes | No | No | NA | NA |
New version | Permission to create a new patch, minor or major version of an API Product. | Published, Live | Yes | Yes | Yes | Yes | No | NA | NA |
Published, Non production | Yes | Yes | Yes | Yes | No | NA | NA | ||
Deprecate | Permission to deprecate a published Product. | Published, Live | Yes | Yes | Yes | No | No | NA | NA |
Retire | Permission to retire a published Product. | Published, Deprecated | Yes | Yes | Yes | No | No | NA | NA |
Published, Live | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Non production | Yes | Yes | Yes | No | No | NA | NA | ||
Retry | Permission to retry integration with the gateway in the event of an error. | In Progress, Publish error | Yes | Yes | Yes | No | No | NA | NA |
Published, Go-live error | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Promoting error | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Retiring error | Yes | Yes | Yes | No | No | NA | NA |
Asset permissions
The following table summarizes the permitted actions concerning the Asset lifecycle. The permissions may differ depending on the state of the Asset. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action | Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | Visitor |
|---|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new Asset. The action is independent of the lifecycle status. | NA | Yes | Yes | Yes | Yes | No | NA | NA |
View all | Permission to view all Assets in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA | NA |
Save | Permission to make a modification to an Asset in the workspace. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
Active, Published | Yes | Yes | Yes | No | No | NA | NA | ||
Active, Unpublished | Yes | Yes | Yes | No | No | NA | NA | ||
Delete | Permission to permanently delete an Asset in the workspace. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
In Progress, Proposed | Yes | No | No | No | No | NA | NA | ||
In Progress, Rejected | Yes | Yes | Yes | Yes | No | NA | NA | ||
Active, Deprecated | Yes | Yes | Yes | Yes | No | NA | NA | ||
Propose | Permission to propose a draft Asset for activation, publication or rejection. | In Progress, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Reject | Permission to reject an Asset proposal. | In Progress, Proposed | Yes | Yes | Yes | No | No | NA | NA |
Edit | Permission to edit a rejected Asset. | In Progress, Rejected | Yes | Yes | Yes | Yes | No | NA | NA |
Activate | Permission to activate an Asset. | In Progress, Draft | Yes | Yes | Yes | No | No | NA | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
Activate and publish | Permission to activate and publish an Asset. | In Progress, Draft | Yes | Yes | Yes | No | No | NA | NA |
In Progress, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
Publish | Permission to publish an active Asset. | Active, Unpublished | Yes | Yes | Yes | No | No | NA | NA |
Unpublish | Permission to unpublish an active Asset. | Active, Published | Yes | Yes | Yes | No | No | NA | NA |
Productize | Permission to productize an Asset. | Active, Unpublished | Yes | Yes | Yes | Yes | No | NA | NA |
Active, Published | Yes | Yes | Yes | Yes | No | NA | NA | ||
Duplicate | Permission to duplicate an Asset, creating a new draft Asset. | Active, Unpublished | Yes | Yes | Yes | Yes | No | NA | NA |
Active, Published | Yes | Yes | Yes | Yes | No | NA | NA | ||
Active, Deprecated | Yes | Yes | Yes | Yes | No | NA | NA | ||
Deprecate | Permission to deprecate an active Asset. | Active, Unpublished | Yes | Yes | Yes | No | No | NA | NA |
Active, Published | Yes | Yes | Yes | No | No | NA | NA |
Application permissions
The following table summarizes the permitted actions concerning the Application lifecycle. The permissions may differ depending on the state of the APP. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action | Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | Visitor |
|---|---|---|---|---|---|---|---|---|---|
Create | Permission to create a new APPLICATION. The action is independent of the lifecycle status. | NA | Yes | Yes | Yes | Yes | Yes | NA | NA |
View all | Permission to view all APPs in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA | NA |
Save | Permission to make a modification to an APP in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Active | Yes | Yes | Yes | No | No | NA | NA | ||
Delete | Permission to permanently delete an APP in the workspace. | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Concept, Proposed | Yes | No | No | No | No | NA | NA | ||
Concept, Rejected | Yes | Yes | Yes | No | No | NA | NA | ||
Retired, Retired | Yes | No | No | No | No | NA | NA | ||
Propose | Permission to propose an APP concept for activation or rejection | Concept, Draft | Yes | Yes | Yes | Yes | No | NA | NA |
Reject | Permission to reject an APP proposal. | Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA |
Activate | Permission to activate a suspended application. | Concept, Draft | Yes | Yes | Yes | No | No | NA | NA |
Concept, Proposed | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Suspended | Yes | Yes | Yes | No | No | NA | NA | ||
Suspend | Permission to suspend an active application. | Published, Active | Yes | Yes | Yes | No | No | NA | NA |
Retire | Permission to retire an activated or suspended application. This operation will also permanently delete any associated subscriptions. | Published, Active | Yes | Yes | Yes | No | No | NA | NA |
Published, Suspended | Yes | Yes | Yes | No | No | NA | NA | ||
Retry | Permission to retry integration with the gateway in the event of an error. | Published, Activation error | Yes | Yes | Yes | No | No | NA | NA |
Published, Retiring error | Yes | Yes | Yes | No | No | NA | NA | ||
Published, Suspension error | Yes | Yes | Yes | No | No | NA | NA |
Subscription permissions
The following table summarizes the permitted actions concerning the Subscription lifecycle. The permissions may differ depending on the state of the subscription and depending on whether a subscription has been requested or received.. All combinations of actions and states not included are to be considered as not permitted, according to the principle of least privilege.
Action | Description | Lifecycle Status | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | Visitor |
|---|---|---|---|---|---|---|---|---|---|
Subscription Requested | |||||||||
View all | Permission to view all requested subscription in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA | NA |
Save | Permission to make a modification to an existing subscription. | Pending, New | Yes | Yes | Yes | No | No | NA | NA |
Delete | Permission to permanently delete a subscription. | Pending, New | Yes | Yes | Yes | No | No | NA | NA |
Rejected, Rejected | Yes | Yes | Yes | No | No | NA | NA | ||
Revoked, Api retired | Yes | Yes | Yes | No | No | NA | NA | ||
Suspend | Permission to temporarily or indefinitely suspend a subscription. | Active, Active | Yes | No | No | No | No | NA | NA |
Edit | Permission to propose a modification to an existing subscription. | Active, Active | Yes | Yes | Yes | Yes | No | NA | NA |
Reject | Permission to reject a subscription request. | Active, Pending for approval | Yes | No | No | No | No | NA | NA |
Pending, New | Yes | No | No | No | No | NA | NA | ||
Accept | Permission to accept and activate a subscription request. | Active, Pending for approval | Yes | No | No | No | No | NA | NA |
Pending, New | Yes | No | No | No | No | NA | NA | ||
Activate | Permission to activate a subscription. | Suspended, Suspended | Yes | No | No | No | No | NA | NA |
Retry | Permission to retry integration with the gateway in the event of an error. | Active, Suspension error | Yes | No | No | No | No | NA | NA |
Active, Update error | Yes | No | No | No | No | NA | NA | ||
Pending, Activation error | Yes | No | No | No | No | NA | NA | ||
Suspended, Activation error | Yes | No | No | No | No | NA | NA | ||
Subscription Received | |||||||||
View all | Permission to view all received subscription in one's own organization, regardless of the group to which the user belongs. The action is independent of the lifecycle status. | NA | Yes | Yes | No | No | No | NA | NA |
Save | Permission to make a modification to an existing subscription. | Pending, New | Yes | No | No | No | No | NA | NA |
Delete | Permission to permanently delete a subscription. | Pending, New | Yes | No | No | No | No | NA | NA |
Rejected, Rejected | Yes | No | No | No | No | NA | NA | ||
Revoked, Api retired | Yes | No | No | No | No | NA | NA | ||
Suspend | Permission to temporarily or indefinitely suspend a subscription. | Active, Active | Yes | Yes | Yes | No | No | NA | NA |
Edit | Permission to propose a modification to an existing subscription. | Active, Active | Yes | No | No | No | No | NA | NA |
Reject | Permission to reject a subscription request. | Active, Pending for approval | Yes | Yes | Yes | No | No | NA | NA |
Pending, New | Yes | Yes | Yes | No | No | NA | NA | ||
Accept | Permission to accept and activate a subscription request. | Active, Pending for approval | Yes | Yes | Yes | No | No | NA | NA |
Pending, New | Yes | Yes | Yes | No | No | NA | NA | ||
Activate | Permission to activate a subscription. | Suspended, Suspended | Yes | Yes | Yes | No | No | NA | NA |
Retry | Permission to retry integration with the gateway in the event of an error. | Active, Suspension error | Yes | Yes | Yes | No | No | NA | NA |
Active, Update error | Yes | Yes | Yes | No | No | NA | NA | ||
Pending, Activation error | Yes | Yes | Yes | No | No | NA | NA | ||
Suspended, Activation error | Yes | Yes | Yes | No | No | NA | NA | ||
Organization-Group permissions
The following table summarizes the allowed actions concerning organizations and groups.
Action | Description | Owner | Organization Admin | Group Admin | Contributor | Consumer | Guest | Visitor |
|---|---|---|---|---|---|---|---|---|
Organization | ||||||||
Add [Organization] | Permission to create a new organization | Yes | No | No | No | No | NA | NA |
Add [Group] | Permission to create a new group associated with an organization. | Yes | Yes | No | No | No | NA | NA |
Edit | Permission to edit an organization (Name, Organization Contact, Description, Set internal /external). | Yes | Yes | No | No | No | NA | NA |
Delete | Permission to remove an organization. | Yes | No | No | No | No | NA | NA |
Synchronize [All organizations] | Permission to synchronise all tenant organizations simultaneously. Allowed only if the synchronization of organizations with the gateway is enabled. | Yes | No | No | No | No | NA | NA |
Synchronize | Permission to synchronise an organization. Allowed only if the synchronization of organizations with the gateway is enabled. | Yes | Yes | No | No | No | NA | NA |
Group | ||||||||
Quit | Permission that allows a user to remove themselves from a group. | NA | Yes | Yes | Yes | Yes | NA | NA |
Auto edit role | Permission that allows a user to change their role | NA | No | No | No | No | NA | NA |
Add user [Org Admin group] | Permission that allows a user to invite/add users to the 'org admins' group. | Yes | Yes | No | No | No | NA | NA |
Add user [My groups] | Permission that allows a user to invite/add other users to their own group | NA | NA | Yes | No | No | NA | NA |
Add user [Not my groups] | Permission that allows a user to invite/add other users in all the organization's groups except his own group | Yes | Yes | No | No | No | NA | NA |
Edit user [Org Admin group] | Permission that allows a user to change the role of another user in the 'org admins' group. (currently never possible) | No | No | No | No | No | NA | NA |
Edit user [My groups] | Permission that allows a user to change the role of another user in his own group | NA | NA | Yes | No | No | NA | NA |
Edit user [Not my groups] | Permission that allows a user to change the role of another user in all groups in the organization except his own group. | Yes | Yes | No | No | No | NA | NA |
Remove user [Org Admin group] | Permission to remove a user from the 'org admins' group. | Yes | Yes | No | No | No | NA | NA |
Remove user [My groups] | Permission allowing a user to remove another user from their own group | NA | NA | Yes | No | No | NA | NA |
Remove user [Not my groups] | Permission allowing a user to remove another user from any group in the organisation other than their own group. | Yes | Yes | No | No | No | NA | NA |
Edit [Org Admin group] | Permission to edit the 'org admins' group (Name, Group Contact, Description). | Yes | Yes | No | No | No | NA | NA |
Edit [My groups] | Permission to edit one's own group (Name, Group Contact, Description). | NA | NA | Yes | No | No | NA | NA |
Edit [Not my groups] | Permission to edit any group in the organisation except one's own | Yes | Yes | No | No | No | NA | NA |
Delete [Org Admin group] | Permission to remove the group 'org admins'. (currently never possible) | No | No | No | No | No | NA | NA |
Delete [My groups] | Permission that allows the user to remove the group to which he belongs. (currently never possible) | NA | NA | No | No | No | NA | NA |
Delete [Not my groups] | Permission to remove any group in the organisation except the one to which the user belongs. | Yes | Yes | No | No | No | NA | NA |
Custom roles and access control
The Owner can create and manage custom roles through the Administration > Roles section in ApiShare. This functionality allows for precise control over access and governance, ensuring that roles reflect the organization’s internal policies and operational structure.
Custom role configuration
Within the Administration > Roles section, the Owner can:
Create new custom roles
Roles can be created with a selected Role Type, choosing between:Tenant Admin: for users with full visibility and control across the tenant
Group Member: for users operating within a specific organization or group
The Guest Role Type is system-managed and includes the default Guest and Visitor roles, which are not customizable.
Configure permissions
The Owner can define granular access by adjusting:Environment-level permissions: Access to APIs in Development, Test, and Production
Entity-level permissions: Management of:
Applications
Organizations
Groups
Subscriptions
Products
Assets
Keyset
View default roles
Review the predefined roles available in ApiShare to understand their structure and default permissions.Clone existing roles
Duplicate any role to quickly create a new one with similar settings, then customize as needed.
Benefits of custom roles
The ability to configure custom roles provides the following advantages:
Greater control over API governance: Organizations can define precise access permissions aligned with security policies.
Separation of duties: Ensures compliance by granting the minimum required permissions to each role.
Scalable and consistent governance: Custom roles, classified by Role Type, support complex multi-tenant API ecosystems and make each role’s operational scope explicit. This enables different governance models for internal teams, partners, and citizen developers, while simplifying access management.
Security and Compliance: Limits access to sensitive APIs and ensures that governance workflows align with company-wide security policies