To add or update an Access ProfileTo add or update an Access Profile
> Access Profiles. Field | Description |
Name | Provide a name for the Access Profile. You can reference the profile by name when assigning it to a user. |
Description | Provide a general description for the Access Profile. |
Field | Description |
IP Address Ranges | For extra security, enter ranges of IP addresses from which users are allowed to access the platform. If a user attempts to login from a computer on a network outside of the specified range, access to the platform is denied. Note: A maximum of 25 IP address ranges can be specified. You can add, modify, and delete the entries. Accepted format is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy, where xxx and yyy are numbers in the range 0-255 and xxx.xxx.xxx.xxx is less than or equal to yyy.yyy.yyy.yyy. To specify a single IP address, use the same IP address for the start and endpoint of the range: 192.168.1.1 - 192.168.1.1 When a user attempts to log in, the IP address of the system the request originated from is checked against the configured settings. If the address is in the allowed range, the user can continue the login process. Otherwise, login is denied. Access violations are recorded in the audit log, identifying both the user and the IP address from where the login attempt originated. Login restrictions do not apply to Customer Support logins. |
Field | Description |
Global Permissions | |
User and Ownership Controls | User Management - Select this option if you want to add, update, delete users, or assign users to Access Profiles. Access Control - Select this option if you want to allow a user to modify Access Profiles, edit ACLs, specify user application access rights, manage Access Profiles, specify the password policy, create, edit, and delete OAuth 2.0 clients and scopes, and delete OAuth 2.0 tokens. Manage Personal Setup - Select this option if you want to allow a user to modify the personal information, and generate or edit the user's own certificate. |
Account Controls | Manage Company Capabilities - Select this option if you want to allow users to modify the company information. Allow User Interface Access - Select this option if you want to allow users to log in to Integration Cloud and access the user interface. Clear this option if you want to deny users to access the user interface. Further, even if you clear this option, all users can still interact with Integration Cloud using REST interface calls. Note: If the Allow User Interface Access permission is not enabled for a user but if the user is a Partner user, that user will still be able to perform on-premises tasks. |
Data Management Controls | Manage Audit Log - Select this option if you want to allow users to view the Audit Log. If this option is enabled, the Audit Log page will be displayed. If not selected, the user will not be able to view the Audit log page. To view the Audit Log screen, from the Integration Cloud navigation bar, click Settings > Audit Log. |
Functional Controls | |
Select the required options under Assets, Stages, Advanced Security, and Application. You must select the required permissions to deploy, export, administer, upgrade, create, update, and delete those functions. | |
Project Permissions for Default Project | |
Here you will manage the permissions for new and existing assets only inside the Default project. See
Project Permissions for information. Select the required options under Accounts, Operations, Reference Data, Document Type, Integrations, REST APIs, SOAP APIs, and Listeners. Note: If you are a new tenant, the Default project is not available, so this section is not applicable. Your user's Access Profile controls only global permissions. | |
Field | Description |
User and Ownership Controls | User Management - Select this option if you want to create and manage users. |
Field | Description |
Manage APIs | To create and manage APIs. |
Activate/Deactivate APIs | To activate, deactivate and manage APIs. |
Publish to API Portal | To publish assets to API Portal. |
Manage Applications | To create and manage applications and register applications with the APIs. You cannot modify or delete an application if you are not the owner of the application. |
Manage aliases | To create and manage aliases. |
Manage Global Policies | To apply a global policy to all APIs or the selected set of APIs. |
Activate/Deactivate Global Policies | To activate and deactivate global policies. |
Manage Policy Templates | To apply one or more policy templates to an API. |
Manage Threat Protection Policies | To prevent malicious attacks on applications that typically involve large, recursive payloads, and SQL injections. |
Manage Packages and Plans | To create packages and plans, associate a plan with a package, and associate APIs with a package. In addition, you can view the list of packages, package details, APIs, and plans associated with the package. |
Activate/Deactivate Packages | To activate and deactivate packages. |
Import Assets | To import already exported APIs, application, policies, and aliases by selecting Username > Import in API Gateway. |
Export Assets | To export assets to your local system. |
Manage general administration configurations | To create and manage administration configurations. |
View Administration Configurations | To view administration configurations. |
Manage General Configurations | To manage general configurations. |
Manage Security Configurations | To create and manage security configurations. |
Manage Destination Configurations | To publish events and performance metrics data to the configured destinations. |
Manage System Settings | To create and manage system settings. |
Purge/Restore Runtime Events | To purge and restore events from the API Gateway store by setting the required date or duration in API Gateway. |
Manage Service Result Cache | To manage caching of the results of API invocations depending on the caching criteria defined. |
Manage Promotions | To add, modify, and delete API Gateway stages, or move API Gateway assets from the source stage to one or more target stages, or to rollback an asset promotion that is already available in the target stage at any time. |
API Portal Administrator | To manage all API Portal administrative tasks. |
API Portal Provider | To manage all API Portal provider tasks. |