How can we improve Azure API Management?

Improved RBAC roles for API Management

Right now, Azure RBAC only has 3 API Management specific roles defined: API Management Service Contributor, API Management Service Operator and API Management Service Reader.

These are OK, but they are not enough for many customers. In particular, many customers require giving developers or architects permissions to define and manage APIs without touching anything else (i.e no product, security, or similar configurations).

While this is potentially possible to do using custom RBAC roles, doing so in a way that keeps everything working correctly and that does not break when the PG changes the way the portal works is non-trivial.

So having a role that grants that level of behavior without forcing the user to grant full contributor role would be very nice.

19 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Tomas Restrepo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    We also need API View-Only Role for PROD, where business can come and View their API Configurations and the related Analytics. But no access to view the other configurations (VNet, Custom Domains, Protocols etc), also NO Access to TEST the APIs in PROD.

Feedback and Knowledge Base