wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
845 stars 785 forks source link

Create a group that can see restricted API in the Dev Portal but can't subscribe API #9539

Open stefanonegri opened 3 years ago

stefanonegri commented 3 years ago

Description:

For WSO2 APIM, I have a prospect who needs to have a role that permits to log into devportal and view all the published APIs - both public and restricted by roles. This role should not have permissions to subscribe APIs. Is it someway possible?

Steps to reproduce:

Affected Product Version:

Environment details (with versions):


Optional Fields

Related Issues:

Suggested Labels:

Suggested Assignees:

tmkasun commented 3 years ago

Hi @stefanonegri

No, It's not possible of the box.

@malinthaprasan To test this capability, I have added role permissions from the admin portal to a new role as below

image

Adding all the scopes excluding apim:sub_manage in store permission, But still I was able to subscribe for APIs with a user who has only this custom role.(I restarted the server after changing the permissions just to make sure no caching effects 😃 )

Could this be a bug ?