Role-Based Access Control
Launchpad provides comprehensive Role-Based Access Control (RBAC) to secure your developer portal and APIs. Control who can access what at multiple levels of granularity.
RBAC Overview
Access control in Launchpad operates at multiple levels:
- Organization Level — Portal-wide permissions
- Team Level — Team-specific access
- Resource Level — Individual API/content access
Roles
Built-in Roles
Launchpad includes pre-configured roles:
| Role | Portal Admin | Content | APIs | Users |
|---|---|---|---|---|
| Administrator | Full | Full | Full | Full |
| Developer | None | Read | Use | None |
| Authenticated User | None | Read | Read | None |
Custom Roles
Create custom roles for your organization:
1. Navigate to Configuration → Users → Role Management
2. Click Add Role
3. Name your role
4. Select permissions from the permission matrix
5. Save the role
Permissions
Portal/Admin Permissions
- manage.admin.configuration — Permission to access and manage admin configuration settings (read, update, delete)
- access.smtp.configuration — Permission to access and manage SMTP email configuration
- manage.apigee.configuration — Permission to access and manage Apigee API gateway configuration
- manage.branding — Permission to access and manage branding settings
- manage.theme — Permission to access and manage theme settings
User Permissions
- read.users — Permission to read/view users
- create.users — Permission to create new users
- update.users — Permission to update existing users
- delete.users — Permission to delete users
- manage.organization — Manage Apigee organizations (add, edit, delete, set primary)
- app.dashboard — Access the app dashboard to view and manage applications
App Permissions
- read.apps — Permission to read/view applications
- create.apps — Permission to create new applications
- update.apps — Permission to update existing applications
- delete.apps — Permission to delete applications
- manage.api.products — Manage API product configurations
- manage.api.specification — Manage API specification files and configurations
Page Builder Permissions
- view.page.builder — Access the page builder feature
- create.pages — Create new custom pages
- edit.pages — Edit existing custom pages
- delete.pages — Delete custom pages
- publish.pages — Publish pages to make them live
- use.ai.builder — Use AI-powered page generation
Resource-Level Access
API Access Control
Control access to specific APIs:
- Public — Anyone can view documentation
- Authenticated — Logged-in users only
- Team — Specific teams only
- Approved — Requires approval
Content Access Control
Control access to pages and content:
- Public pages visible to all
- Protected pages require login
- Team-restricted pages
- Role-based page visibility
API Product RBAC
API Products have their own access control:
Visibility Settings
- Public Catalog — Listed and accessible
- Unlisted — Accessible via direct link
- Private — Team-restricted
- Approval Required — Request access workflow
Subscription Access
- Free tier — Available to all
- Premium tier — Requires approval or payment
- Enterprise tier — Contract required
Permission Inheritance
Permissions cascade through the hierarchy:
- Organization — Base permissions
- Team — Add or restrict from org
- User — Individual overrides
- Resource — Specific access grants
Best Practices
Least Privilege
- Grant minimum permissions needed
- Use teams instead of individual grants
- Review and revoke unused access
- Avoid super admin for daily use
Role Design
- Keep roles focused and single-purpose
- Document role purposes
- Review roles periodically
- Avoid permission creep
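One way to check role definitions against the Least Privilege and Role Design guidance above, as an added example (not Launchpad's own code). The permission names and their grouping come from the Permissions section of this page; the role names, the dictionary format for roles, the two-category threshold and the set of "sensitive" permissions are assumptions to adapt to local policy.

```python
# Permission names and grouping follow the Permissions section of this page.
CATEGORIES = {
    "portal_admin": {"manage.admin.configuration", "access.smtp.configuration",
                     "manage.apigee.configuration", "manage.branding", "manage.theme"},
    "users": {"read.users", "create.users", "update.users", "delete.users",
              "manage.organization", "app.dashboard"},
    "apps": {"read.apps", "create.apps", "update.apps", "delete.apps",
             "manage.api.products", "manage.api.specification"},
    "page_builder": {"view.page.builder", "create.pages", "edit.pages",
                     "delete.pages", "publish.pages", "use.ai.builder"},
}
KNOWN = set().union(*CATEGORIES.values())
# Assumption: which permissions count as high-impact is a local policy choice.
SENSITIVE = {"manage.admin.configuration", "access.smtp.configuration",
             "manage.apigee.configuration", "manage.organization", "delete.users"}


def audit_role(name, permissions, max_categories=2):
    """Return review findings for one role; an empty list means none."""
    perms, findings = set(permissions), []
    unknown = sorted(perms - KNOWN)
    if unknown:  # typo or stale name that grants nothing, or an undocumented grant
        findings.append(f"{name}: unknown permissions {unknown}")
    touched = sorted(c for c, members in CATEGORIES.items() if perms & members)
    if len(touched) > max_categories:  # role is not single-purpose
        findings.append(f"{name}: spans {len(touched)} categories {touched}")
    sensitive = sorted(perms & SENSITIVE)
    if sensitive:
        findings.append(f"{name}: holds sensitive permissions {sensitive}")
    # Assumption: a write grant without the matching read is a review item.
    for area in ("users", "apps"):
        writes = sorted(p for p in perms & KNOWN
                        if p.endswith("." + area) and not p.startswith("read."))
        if writes and f"read.{area}" not in perms:
            findings.append(f"{name}: {writes} granted without read.{area}")
    return findings


# Constructed sample roles (hypothetical names and grants, not from Launchpad).
ROLES = {
    "docs-editor": ["view.page.builder", "create.pages", "edit.pages"],
    "partner-support": ["read.users", "read.apps", "update.apps", "delete.users",
                        "manage.branding", "publish.pages"],
    "app-onboarding": ["create.apps", "update.apps"],
}

if __name__ == "__main__":
    for role, perms in ROLES.items():
        print(role, audit_role(role, perms))
```

Running the audit on each periodic role review makes permission creep visible as a change in findings rather than something noticed after the fact.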