By default, everyone in your organization is permitted to view the APIs that you create. However, only you (as the owner of the API) and users who belong to a role with the "Manage Assets" permission for your organization are allowed to view, edit and delete these API. To enable other users to view, edit and/or delete an API that you have created, you must modify the API's permission settings.
The following sections describe how to set permissions on an API.
When setting permissions on APIs, keep the following points in mind:
To set permissions on an API, you must belong to a role that has the "Manage Assets" permission or have the Full instance-level permission on the API itself.
You can assign permissions to any individual user or group defined in CentraSite.
The groups to which you can assign permissions include the following system-defined groups:
| Group Name | Description |
|---|---|
| Users | All users within a specified organization. |
| Members | All users within a specified organization and its child organizations. |
| Everyone | All users of CentraSite including guest users (if your CentraSite permits access by guests). |
If a user is affected by multiple permission assignments, the user receives the union of all the assignments. For example, if group ABC has Modify permission on an API and group XYZ has Full permission on the same API, users that belong to both groups will, in effect, receive Full permission on the API.
The same principle applies to users who have both role-based permissions and instance-level permissions on the same API. In this case, users receive the union of the role-based permission and the instance-level permission on the API.
If you intend to give users in other organizations access to the API, and the API includes supporting documents that you want those users to be able to view, make sure you give those users permission to view the supporting documents as well as the API itself.
To assign permissions to an API
In CentraSite Business UI, display the details page for the API whose permissions you want to edit. If you need procedures for this step, see the section Viewing Details for an API.
On the API's actions menu, click the
icon.
In the Assign Permissions dialog box, select the users or groups to which you want to assign permissions.
Use the View, Modify and Full check boxes to assign specific permissions to each user and/or group in the User/Group Permissions list as follows:
| Permission | Allows the selected user or group to... |
|---|---|
View  |
View the API. |
Modify  |
View and edit the API. |
Full  |
View, edit and delete the API. This permission also allows the selected user or group to assign instance-level permissions to the API. |
When you assign instance-level permissions on an API, the related objects (for example, bindings, operations, interfaces etc.,) receive the same permissions that are assigned on the API.
Expand the Advanced Settings section, and do the following:
To ensure that the dependent APIs (for example, a WSDL or schema) receive the same permissions, select the checkbox Propagate asset permissions. If you unselect this checkbox, the permissions of the dependent APIs will not be modified.
To ensure that the dependent APIs of the same object type receive the same profile permissions, select the checkbox Propagate profile permissions.
If at any time, you wish to remove one or more users' or groups'
permissions, click the 
icon next to
the user or group name.
Click the button to save the permission settings.
When you have finished making your changes, click the
icon.
To assign instance-level permissions on an API's profiles
Choose the API's Permissions action.
Locate the user or group for which you wish to set profile permissions. Then click the arrow icon beside the user or group name to open the profile permission list.
Use the checkboxes to indicate which profiles the user or group is permitted to view or modify.
Click to save the new permission settings.
When you have finished making your changes, click the
icon.
