
Is there any way to do role-based access management in CA API Gateway (restrict a user from accessing one policy and allowing another), with OAuth2 Token in Authorization header?

Question asked by Rudra_Singh on Jun 29, 2018

I have 10 API Gateway "service call policies" all using the same template (OAuth2 Token check -> JSON Request -> Route to backend Middleware system -> Response).

I have 2 LDAP groups with some common users across the two groups. All the users within one group have the same level of permission.

Both groups' users are using the same client_Id & Secret for generating an OAuth2 token using a common "Login" policy.

Is there any restriction or policy/assertion which can be implemented in the "service call policy" to prevent a user from accessing one "service call policy" but not the other?

Thanks
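The setup described in the question has one property worth making explicit: because both groups obtain tokens with the same client_Id and Secret, nothing at the OAuth2 client level distinguishes the two groups. Any per-service restriction therefore has to key on the user the token resolves to (the subject) and that user's LDAP group membership, evaluated separately in each "service call policy", and it should fail closed. The following is an added illustration of that decision logic, not CA API Gateway policy code and not anything posted by the question author; it uses no gateway assertions or APIs. The token-to-subject map, the group membership and the per-service allow lists are constructed sample data; in a real deployment the subject comes from token validation/introspection and the groups from an LDAP lookup.

```python
"""Illustrative per-service, group-based authorization check.

Hypothetical stand-alone example: it is NOT CA API Gateway policy code.
It models the shape of the check each service policy would need to make:
    OAuth2 access token -> subject -> LDAP groups -> allowed for THIS service?
All data below is constructed for the example.
"""

# Constructed: which subject each opaque access token resolves to.
# Real deployments get this from token validation/introspection.
TOKEN_SUBJECTS = {
    "tok-alice": "alice",
    "tok-bob": "bob",
    "tok-carol": "carol",
}

# Constructed LDAP group membership. "carol" belongs to both groups,
# mirroring the "common users across two groups" in the question.
LDAP_GROUPS = {
    "group-A": {"alice", "carol"},
    "group-B": {"bob", "carol"},
}

# Constructed per-service allow list: each service policy names the groups
# permitted to call it. A service with no entry denies everyone (fail closed).
SERVICE_ALLOWED_GROUPS = {
    "service-1": {"group-A"},
    "service-2": {"group-B"},
    "service-3": {"group-A", "group-B"},
}


def groups_of(subject):
    """Return the set of LDAP groups the subject belongs to."""
    return {name for name, members in LDAP_GROUPS.items() if subject in members}


def authorize(token, service):
    """Decide whether the token's subject may call `service`.

    Returns (allowed, reason). The decision is based on the user behind the
    token, never on the OAuth2 client, since all users share one client_Id.
    Unknown tokens and unconfigured services are denied.
    """
    subject = TOKEN_SUBJECTS.get(token)
    if subject is None:
        return False, "invalid token"

    allowed_groups = SERVICE_ALLOWED_GROUPS.get(service)
    if not allowed_groups:
        return False, "no policy for service"

    matched = groups_of(subject) & allowed_groups
    if matched:
        return True, f"{subject} in {sorted(matched)}"
    return False, f"{subject} not in any allowed group for {service}"


if __name__ == "__main__":
    for tok, svc in [("tok-alice", "service-1"), ("tok-alice", "service-2"),
                     ("tok-carol", "service-2"), ("tok-bogus", "service-1")]:
        print(tok, svc, authorize(tok, svc))
```

The same allow-list table could be kept in one place and consulted by every service policy with the service name as the lookup key, so adding an eleventh service means adding one entry rather than a new rule set. A user who is in both groups simply matches whichever group the service permits.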
