API product access control improvements

[arlina-espinoza]

Follow up for #197. Currently, enabling monetization disables the API product entity access control provided by the apigee_edge_apiproduct_rbac module, showing users only API products for which a developer has accepted a rate plan and API products that are public and do not have a published rate plan (ignoring RBAC).

After discussing with team, we agreed that our approach should be:

1. If an API product is non monetized, the RBAC module or Apigee Edge simple access control will determine if it is visible.
2. For monetized API Products, show all API Products which the developer has accepted the rate plan.

[anoopgoel]

Hi Team,

Hope you are doing well. As part of one of the use case, I need to have role based access to api product and also monetization feature is needed.

I am also facing the same issue as mentioned above and on Issue:197-
"Enabling monetization module disables the API product access control provided by apigee_edge_apiproduct_rbac module".

If I uninstall monetization module then able to assign role based access to api product. But with monetization module, RBAC to api product not working.

Is there any solution for the above issue. If yes, please help me with the same. @arlina-espinoza , @cnovak

Thanks in advance!
Anoop Goel

[kedarkhaire]

Hi @anoopgoel
While using Monetization, you can only see those products to those you are subscribed. The products cannot be managed with role based access.
For further more details related to Access to Monetization refer this guide.

Thanks!

[anoopgoel]

Hi @kedarkhaire ,
Thanks for your reply.
However, there are few products which are non-monetized and few products are monetized. Currently both the modules "apigee_edge_apiproduct_rbac and Monetization" are enabled. Having both the modules enabled, I expected it to work in below manner:

1. Non-Monetized products - Should be controlled via module "apigee_edge_apiproduct_rbac" and non-monetized products should be visible based on the role assigned to the user/group.
2. Monetized products - Only products, based on the role, should be visible under "Buy APIs".

But above is NOT happening. And once both the modules are installed then all products (monetized and non-monetized) are getting visible to the user (irrespective of the role). If I un-install monetization module then non-monetized products are visible to the user based on their roles.

Please suggest how it can be resolved if need is to use both the modules.

Thanks!

[anoopgoel]

Hi @kedarkhaire , Thanks for your reply. However, there are few products which are non-monetized and few products are monetized. Currently both the modules "apigee_edge_apiproduct_rbac and Monetization" are enabled. Having both the modules enabled, I expected it to work in below manner:

1. Non-Monetized products - Should be controlled via module "apigee_edge_apiproduct_rbac" and non-monetized products should be visible based on the role assigned to the user/group.
2. Monetized products - Only products, based on the role, should be visible under "Buy APIs".

But above is NOT happening. And once both the modules are installed then all products (monetized and non-monetized) are getting visible to the user (irrespective of the role). If I un-install monetization module then non-monetized products are visible to the user based on their roles.

Please suggest how it can be resolved if need is to use both the modules.

Thanks!

Hi Team,

Any suggestions on this please ?

Thanks!