Integration Cloud 6.1.0 | Settings | Access Profiles | Adding or Updating Access Profiles
 
Adding or Updating Access Profiles
Use the Access Profiles screen to create or edit profiles assigned to users.
*To add or update an Access Profile
1. From the Integration Cloud navigation bar, go to Settings > Access Profiles.
2. Click Add New Access Profile to add a custom access profile or click Edit to modify an existing Access Profile.
3. On the Add New Access Profile or Update Access Profile > Access Profile Information tab, complete the following fields. Required fields are marked with an asterisk on the screen.
Field
Description
Name
Provide a name for the Access Profile. You can reference the profile by name when assigning it to a user.
Description
Provide a general description for the Access Profile.
4. On the Login IP Address Restrictions page, complete the following fields:
Field
Description
IP Address Ranges
For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to login from a computer on a network outside of the specified range, access to the platform is denied.
Note:
A maximum of 25 IP address ranges can be specified. You can add, modify, and delete the entries. Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where xxx and yyy are numbers in the range 0-255 and xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy. To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.1 - 192.168.1.1
When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied. Access violations are recorded in the audit log, identifying both the user and the IP address from where the login attempt originated. Login restrictions do not apply to Customer Support logins.
5. On the Administrative Permissions page, select the operations a user can perform in order to access, view, create, update, upgrade, administer, execute, export, deploy, and delete and to allow the user to customize selected aspects of the platform.
Field
Description
Global Permissions
User and Ownership Controls
User Management - Select this option if you want to add, update, delete users, or assign users to Access Profiles.
Access Control - Select this option if you want to allow a user to modify Access Profiles, edit ACLs, specify user application access rights, manage Access Profiles, specify the password policy, create, edit, and delete OAuth 2.0 clients and scopes, and delete OAuth 2.0 tokens.
Manage Personal Setup - Select this option if you want to allow a user to modify the personal information, and generate or edit the user's own certificate.
Account Controls
Manage Company Capabilities - Select this option if you want to allow users to modify the company information.
Allow User Interface Access - Select this option if you want to allow users to log in to Integration Cloud and access the user interface. Clear this option if you want to deny users to access the user interface. Further, even if you clear this option, all users can still interact with Integration Cloud using REST interface calls.
Note:
If the Allow User Interface Access permission is not enabled for a user but if the user is a Partner user, that user will still be able to perform on-premises tasks.
Data Management Controls
Manage Audit Log - Select this option if you want to allow users to view the Audit Log. If this option is enabled, the Audit Log page will be displayed. If not selected, the user will not be able to view the Audit log page. To view the Audit Log screen, from the Integration Cloud navigation bar, click Monitor > Audit Log.
Functional Controls
Select the required options under Assets, Stages, Advanced Security, Application, Solution, and Database. You must select the required permissions to deploy, export, administer, upgrade, create, update, and delete those functions.
Project Permissions for Default Project
Here you will manage the permissions for new and existing assets inside the Default project. See Project Permissions for information. Select the required options under Accounts, Operations, Reference Data, Document Type, Integrations, REST APIs, SOAP APIs, and Listeners.
Note:
If you are a new tenant, the Default project is not available, so this section is not applicable. Your user's Access Profile controls only global permissions.
6. On the Container page, enter the names of the webMethods Integration Server Access Control List (ACL) groups separated by a comma, for example, Administrators, Developers, and so on. Users who are assigned to this Access Profile will be now part of the webMethods Integration Server container user group (s) and can perform tasks allowed for those user groups. If you do not map an Access Profile to an webMethods Integration Server group, you will not be able to invoke webMethods Integration Server services. For information about user groups, see the Managing Users and Groups section in the webMethods Integration Server Administrator’s Guide.
Note:
The Container tab and Container related Administrative permissions are available only if you have the required license for Containers.
Note:
Integration Cloud Administrator profiles are not automatically assigned to the webMethods Integration Server Administrators ACL group. If you do not enter any user groups in the Container User Groups field, but have configured webMethods Integration Server in a way such that it needs to verify the ACL groups you have entered in the Container User Groups field while invoking services, you will not be able to run or invoke webMethods Integration Server services from Integration Cloud.
7. The API Management tab displays the API management permissions.
Note:
Integration Cloud provides the user management capability for API Gateway. You can create and manage API Management Access Profiles provided you have the required API Gateway Cloud and/or API Portal Cloud licenses.
Field
Description
User and Ownership Controls
User Management - Select this option if you want to create and manage users.
Select the following Functional Controls based on your requirements:
Field
Description
Manage APIs
To create and manage APIs.
Activate/Deactivate APIs
To activate, deactivate and manage APIs.
Publish to API Portal
To publish assets to API Portal.
Manage Applications
To create and manage applications and register applications with the APIs. You cannot modify or delete an application if you are not the owner of the application.
Manage aliases
To create and manage aliases.
Manage Global Policies
To apply a global policy to all APIs or the selected set of APIs.
Activate/Deactivate Global Policies
To activate and deactivate global policies.
Manage Policy Templates
To apply one or more policy templates to an API.
Manage Threat Protection Policies
To prevent malicious attacks on applications that typically involve large, recursive payloads, and SQL injections.
Manage Packages and Plans
To create packages and plans, associate a plan with a package, and associate APIs with a package. In addition, you can view the list of packages, package details, APIs, and plans associated with the package.
Activate/Deactivate Packages
To activate and deactivate packages.
Import Assets
To import already exported APIs, application, policies, and aliases by selecting Username > Import in API Gateway.
Export Assets
To export assets to your local system.
Manage general administration configurations
To create and manage administration configurations.
View Administration Configurations
To view administration configurations.
Manage General Configurations
To manage general configurations.
Manage Security Configurations
To create and manage security configurations.
Manage Destination Configurations
To publish events and performance metrics data to the configured destinations.
Manage System Settings
To create and manage system settings.
Purge/Restore Runtime Events
To purge and restore events from the API Gateway store by setting the required date or duration in API Gateway.
Manage Service Result Cache
To manage caching of the results of API invocations depending on the caching criteria defined.
Manage Promotions
To add, modify, and delete API Gateway stages, or move API Gateway assets from the source stage to one or more target stages, or to rollback an asset promotion that is already available in the target stage at any time.
API Portal Administrator
To manage all API Portal administrative tasks.
API Portal Provider
To manage all API Portal provider tasks.
8. The Solution Permissions page displays the webMethods Integration Server User Groups for all the solutions. You can map webMethods Integration Server user groups to an Access Profile. Enter the names of the webMethods Integration Server User Groups separated by a comma, for example, Administrators, Developers, and so on. Integration Cloud users who are assigned to this Access Profile will then be a part of the webMethods Integration Server user group(s) and can perform tasks allowed for those user groups. If you do not map an Access Profile to a webMethods Integration Server user group, you will not be able to view, edit, or run webMethods Integration Server services in a solution. For information about user groups, see the Managing Users and Groups section in the webMethods Integration Server Administrator’s Guide.
Note:
Integration Cloud Administrator profiles are automatically assigned to the webMethods Integration Server Administrators User Group.
Note:
To view and access webMethods Integration Server packages in Integration Cloud, you must assign any custom user groups created in webMethods Integration Server, which are assigned to Access Profiles in the Solution Permissions page, to the following Access Control Lists in webMethods Integration Server: Administrators ACL, Developers ACL, and Replicators ACL.
9. Click Apply.
The new Access Profile appears in the Access Profiles page.
10. Click on the Access Profile link in the Access Profiles page. In the Associated Users page, you can view the active users associated with the selected Access Profile. In the Associated ACLs page, you can view the Access Control Lists associated with the selected Access Profile.