Allow different publisher teams to edit only their API's
We have different product teams surfacing API's for their products that we present in our company's APIM instance, however the ability to edit an API (or view the contents of secret variables) in APIM from a permissions standpoint is currently an all or nothing proposition, an extension of RBAC (or similar) to restrict privileged access to individual API's / associated secrets would allow us to delegate responsibility for keeping API's current to the product teams rather than needing to manage the APIM centrally with product teems needing to submit requests for change to the central team.
Adam Coulter commented
Allow existing RBAC roles to scoped to API management child APIs and Products, we dont need new roles, just ability to scope them on APIM child "resources".
Pankaj Singh Negi commented
We host multiple web apis for different audience and want to provide them full access to APIM (for targetted APIs and APIM product) so that they could update and introduce new API's in the centrally hosted APIM. If we have logical group with its own security scope then we just need to add API and product resource in that logical group and grant permission to that scope using RBAC custom role. That will allow user to customize API and products without conflicting with APIs.