Came across a question on API Manager tenancy ...
As per docs [1]
"WSO2 API Manager supports creating multiple tenants and managing APIs in a tenant-isolated manner. When you create multiple tenants in an API Manager deployment, the API Stores of each tenant will be displayed in a muti-tenanted view for all users to browse and permitted users to subscribe to. "
Let's try it and see !!
Step 1 - Create a tenant
- Login to management console - https://localhost:9443/carbon/
- Create a new tenant from Home > Configure > Multitenancy > Add New Tenant - lets say my tenant is
- Now if you check in API Store, you will see tenant domains there.
When you click on above, you will be taken to's API store.
Lets try working within a tenant and see;
Step 2 - Create users within the tenant
We need 3 user roles - creator, publisher and subscriber
- Login to management console, using tenant admin's credentials
- Create a new user role from Home > Configure > Users and Roles > Roles
- name - creator
- permissions - as given in [2]
- Create a role for subscriber
- name -subscriber
- permissions - login, Manage -> API ->Subscribe [3]
- Create a role for publisher
- name -publisher
- permissions -login, Manage -> API ->Publish [4]
- Create 3 users and assign them to each role.
- when you login to publisher (https://localhost:9443/publisher/) from creator's login- you should see an option to add APIs
- When you login from publisher's login, you should not see an option
to add APIs. You will only be able to list APIs and publish them.
- Finally, you will not have sufficient privileges to login to publisher using subscriber's login.
Step 3 - Create and publish API
- Login to 'API Publisher' from creator's account and create a new API.
Step 4 - View the API from store
- Now login to API Store using subscriber's account
- You will see the above API.
Another test:
- Create another tenant, try login to tenant 1's ( store, you are not allowed!
- Login to tenan 3's store and see if you see any of tenant 1's APIs. No! because of tenancy.
NOTE: In earlier versions of APIM (APIM-1.4.0), we had a concept of
allowing selected tenant's view other tenant's APIs. But it is not
available in latest releases.
[3] - subscriber role
[4] - publisher role
No comments:
Post a Comment