AnsweredAssumed Answered

What is the drawback of turning off the autocreation of Manage service/policy/folder roles

Question asked by pwhelan81 on Jul 26, 2017
Latest reply on Aug 3, 2017 by Stephen_Hughes

I find role management a little convoluted in the API Gateway.  The list of roles is ridiculously long for a gateawy with many folders and services due to the auto-created "Manage" and "View"   roles. According to the documentation

 

"Tip: The auto-creation of these roles can be turned off by using the rbac.autoRole.manage<name>.autoAssign cluster properties, where "<name>" is "Policy", "Provider", or "Service". "   I have the following questions:

 

1. What is the negative consequences of turning this off?  I believe if I can explicity grant group/user access to certain folders then they will inherit the ability to manage the subfolders and polices/services therein? Correct?

 

2. If I user this cluster property turn off this autocreation, will it have any effect on the already existing roles

Outcomes