API Hub Feature-Specific Roles and Permissions
This page provides an overview of roles and permissions for each API Hub feature, including API Hub for Portal, Design, Explore, Contract Testing, and Test. It details how administrators can manage user access and responsibilities. Each feature has unique role-based access controls (RBAC). Links to relevant documentation are included for in-depth guidance.
The following roles and permissions within the solution interface can be set and managed. See Adding and Managing Users for more information.
API Hub for Design
API Hub for Design offers a robust user management framework for user permissions.
Roles can be managed in the UI or through the User Management API.
Access can be set at the organization, project, and API levels, ensuring each user has the minimum required access.
Administrators can manage roles in bulk, which is ideal for large teams or dynamic projects.
Role | Role Permissions |
---|---|
Owner | Invite Org Members, Change Access and Roles; Create and Modify Projects; Create Teams; Modify Team Members and Resources; Create Resource; Edit Resources and Make a resource public; View, Delete, and Share Resources; Comment on Resource; Billing and Subscriptions; Standardization - full access to controls; Set Up Integrations |
Admin | A team admin can manage the team members: add, remove, or change roles (between admin or member). The admin can also update the team description and delete the team. However, administrators cannot assign the team to resources; this is limited to Owners. |
Roles and Permissions in API Hub for Design
Access for Users with No Role
Users without specific roles can still access API Hub for Design to view public APIs and organization domains.
API Hub for Design owners can assign users to the API or domain. All new users are assigned the User role (unless the default role has been updated in the system preferences). The User role is intended to work in conjunction with team assignments and, therefore, has managed team permissions (rather than manage permissions) for all resources associated with a team. The User role should be assigned to all developers, testers, and levels.
Collaborators
Collaborators are users without an assigned subscription who have one or more resource-level role assignments.
Multiple Roles
Users can hold multiple roles across different levels and resources:
See the Design Documentation for Role Management, Managing Member Roles, and Working with Organizations.
API Hub for Portal
API Hub for Portal leverages API Hub for Design’s user management controls to streamline the admin experience with the available Portal-specific role assignments. See Role Management for more information on various roles and access.
Role | Role Permissions |
---|---|
Organization-level owner | Assign roles. Delete products and portals. Use the “access requests” feature for all user permissions. |
Organization-level user | View all private products. |
Portal Product User | View product |
API Hub for Explore
In Explore, permissions can be set at the project level. See Managing Your Account.
Roles | Permissions |
---|---|
Admin | Can edit endpoints and tests and manage collaborators |
Editor | Can edit endpoints and test and invite collaborators |
Viewer | Can view endpoints and run tests |
API Hub for Contract Testing
Contract Testing includes predefined roles and supports customizable roles to meet organizational needs. Permissions are managed in the admin area of API Hub for Contract Testing. See Contract Testing Permissions for more information.
Roles | Permissions |
---|---|
Administrator | For users who manage the contract, user, and platform-related configuration |
Organization Administrator | An administrator with no API or contract data access. Does not consume a paid seat. |
Team Administrator | For users who manage specific teams |
User | All new users are assigned the User role (unless the default role has been updated in the system preferences). The User role is intended to work in conjunction with team assignments and, therefore, has managed team permissions (rather than manage permissions) for all resources associated with a team. The User role should be assigned to all developers, testers, and other users who create and verify contracts on the PactFlow platform. |
CI/CD | This is for system accounts that query and publish contract data from CI/CD pipelines. |
Viewer | For users who should not modify any contract-related data |
Guest | A read-only user with no API access. A user with the Guest role can only view contract-related data through the UI. |
API Hub for Design | Read-only user for the Design integration |
SCIM | For the System Account used by the PactFlow SCIM API |
API Hub for Test (Beta)
API Hub for Test allows administrators to assign user roles to control access and permissions. Permissions are managed directly within the feature's admin pages, ensuring users have the appropriate level of access for their tasks. See API Hub for Test (Beta) documentation for more information.
Roles | Permissions |
---|---|
Read-Only | Read-only users can view test results and receive email notifications but cannot create, edit, or delete tests. |
Editor | This is for users who create and run tests and suites. Editors can also create and modify variables. |
Administrator | Administrators can manage the account’s subscription plan, view the invoice history, edit the current payment method, and manage other Administrator users. |