Manage users in the Apigee UI

You're viewing Apigee X documentation.
View Apigee Edge documentation.

You can add users in the Google Cloud Console. When you do this, the user is granted the same access to all environments in the organization. However, you can refine each user's access by using the UI.

The UI lets you assign roles to users per environment: you use it to refine each user from having the same role in all environments to assigning a specific role or roles for that user for each environment.

This section describes how to add, change, and remove users with the UI.

Add user accounts in the UI

When you first configure Apigee and create the Google Cloud project to which the Apigee organization is bound, you typically add a couple of users with different roles like API Admin and Environment Admin. Because these users were defined at the Cloud Project project level, they can access all environments with that level of access.

By using the UI, though, you can set roles of existing users at the environment level.

To specify user permissions for an environment:

  1. Ensure that you have already added the user to your Google Cloud project. For information on adding users to a Google Cloud project, see Granting, changing, and revoking access to resources.
  2. Open the Apigee UI in a browser.
  3. Select Admin > Environments > Access in the left navigation menu.
  4. Select the environment name from the drop-down list.

    The UI displays a list of current user accounts and roles for the selected environment:

  5. Click +Grant Access.

    The Grant Access to Environment dialog box displays:

  6. Enter the user account's email address in the first field. This email address is typically one of the following:
    • A Google account (for example, fred@gmail.com). All Gmail accounts are Google accounts, but you can also register email addresses with different domains as Google accounts.
    • A Google Group alias. For example, address@googlegroups.com.
    • A service account. For example, address@example.gserviceaccount.com.
    • A Google Workspace domain. For example, address@example.com, where example.com is a domain that you used when you signed up for Google Cloud services.
  7. Select a role from the Role drop-down list and click Add. You can add more than one role for each user. For details on available roles, see Apigee roles and IAM permissions reference.
  8. Repeat this process for each environment for which you want to specify the user's role.
  9. You can remove a user account from an environment using the UI, but that user account will still have the access that it was granted in the Google Cloud Console unless you also remove the user from the Console by default.

Remove user accounts

Removing a user at the environment level does not remove the user at the Google Cloud project level. As a result, the user can still access all environments with their Google Cloud project level permissions.

To revoke the user's access entirely, you must remove them from the Google Cloud project as described in Revoking Access to Google Cloud Platform.

To remove a user from an environment:

  1. Open the Apigee UI in a browser.
  2. Select Admin > Environments > Access in the left navigation menu.
  3. Select the environment name from the drop-down list.

    The UI displays a list of current users for the selected environment.

  4. In the user's row, click Delete.

    The UI displays a confirmation dialog box:

  5. Click Revoke.

    The UI removes that user from the environment.

Change user roles in the UI

You can change a user's role on a per-environment basis by using the UI. This includes adding additional roles to a user account or removing one or more roles from the user account.

To change a user's roles for an environment:

  1. Open the Apigee UI in a browser.
  2. Select Admin > Environments > Access in the left navigation menu.
  3. Select the environment name from the drop-down list.

    The UI displays a list of current users for the selected environment.

  4. In the user's row, click Edit.

    The UI displays the Manage Roles dialog box:

  5. Do one of the following:
    1. To remove a role: Click Cancel next to that role.
    2. To change a role: Select a new role from the drop-down list of roles.
    3. To add another role: Click Add another role.
  6. Click Apply.

    The UI applies your changes to the user in that environment.