Manage users in the Apigee UI

You can add users in the GCP Console. When you do this, the user is granted the same access to all environments in the organization. However, you can refine each user's access by using the UI.

The UI lets you assign roles to users per environment: you use it to refine each user from having the same role in all environments to assigning a specific role or roles for that user for each environment.

This section describes how to add, change, and remove users with the UI.

Add user accounts in the UI

When you first configure Apigee and create the Google Cloud project to which the Apigee organization is bound, you typically add a couple of users with different roles like Deployer and API Creator. Because these users were defined at the GCP project level, they can access all environments with that level of access.

By using the UI, though, you can set roles of existing users at the environment level.

To specify user permissions for an environment:

  1. Ensure that you have already added the user to your GCP project. For information on adding users to a GCP project, see Granting, changing, and revoking access to resources.
  2. Open the Apigee UI in a browser.
  3. Select Admin > Environments > Access in the left navigation menu.
  4. Select the environment name from the drop-down list.

    The UI displays a list of current user accounts and roles for the selected environment:

  5. Click +Grant Access in the upper right.

    The Grant Access to Environment dialog box displays:

  6. Enter the user account's email address in the first field. This email address is typically one of the following:
    • A Google account (for example, fred@gmail.com). All Gmail accounts are Google accounts, but you can also register email addresses with different domains as Google accounts.
    • A Google Group alias. For example, address@googlegroups.com.
    • A service account. For example, address@example.gserviceaccount.com.
    • A G Suite domain. For example, address@example.com, where example.com is a domain that you used when you signed up for Google Cloud services.
  7. Select a role from the Role drop-down list and click Add. You can add more than one role for each user.
  8. Repeat this process for each environment for which you want to specify the user's role.
  9. You can remove a user account from an environment using the UI, but that user account will still have the access that it was granted in the Google Cloud Console unless you also remove the user from the Console by default.

    Remove user accounts

    Removing a user at the environment level does not remove the user at the GCP project level. As a result, the user can still access all environments with their GCP project level permissions.

    To revoke the user's access entirely, you must remove them from the GCP project as described in Revoking Access to Google Cloud Platform.

    To remove a user from an environment:

    1. Open the Apigee UI in a browser.
    2. Select Admin > Environments > Access in the left navigation menu.
    3. Select the environment name from the drop-down list.

      The UI displays a list of current users for the selected environment.

    4. In the user's row, click the trash barrel icon.

      The UI displays a confirmation dialog box:

    5. Click Revoke.

      The UI removes that user from the environment.

    Change user roles in the UI

    You can change a user's role on a per-environment basis by using the UI. This includes adding additional roles to a user account or removing one or more roles from the user account.

    To change a user's roles for an environment:

    1. Open the Apigee UI in a browser.
    2. Select Admin > Environments > Access in the left navigation menu.
    3. Select the environment name from the drop-down list.

      The UI displays a list of current users for the selected environment.

    4. In the user's row, click the pencil icon.

      The UI displays the Manage Roles dialog box:

    5. Do one of the following:
      1. To remove a role: Click the X next to that role.
      2. To change a role: Select a new role from the drop-down list of roles.
      3. To add another role: Click Add another role.
    6. Click Apply.

      The UI applies your changes to the user in that environment.