Authorization Matrix

Apinizer classifies authorizations into two main categories: Project Based Authorizations and Management Based Authorizations. In this document, these two categories are explained in detail and which roles have access to each authorization is presented in tables.

Please note the difference between role and authorization. A role is a grouping of authorizations and is managed from the roles page.

Project Based Authorizations

Project Based Authorizations cover API development, testing, analysis and management performed within the scope of a specific project. These authorizations focus on the content of the projects.

The following tables show the authorizations assigned to roles and what authorizations roles need to access menus.

Developer Authorizations

Permission Name	Page/Menu	Description	Allowed Operations
API Specs	Spec Designer	Creation and editing of API definitions	- Creating new API specs - Editing existing specs - Spec versioning
API Proxies	API Proxies	Management of API proxies	- Creating proxies - Configuring proxies - Deleting proxies
Deploy/Undeploy	Development > API Proxies	Publishing and withdrawing APIs	- API deployment - API withdrawal - Deployment management
API Proxy Groups	API Proxy Groups	Management of proxy groups	- Creating new API Proxy groups - Adding proxies to API Proxy groups - API Proxy Group configuration
Global Policies	Global Policies	Definition of system-wide policies	- Authentication policies - IP restrictions - Security rules
Task Flows	API Integrator > Task Flows	Defining automated workflows	- Creating new flows - Editing existing flows - Flow testing
API Creator	API Creator > DB-2-API, Mock API, Script-2-API	Automatic API creation	- Creating APIs from databases - Preparing Mock APIs - Generating APIs with scripts
Import/Export	Export/Import	Transfer of projects and settings	- Exporting projects - Importing projects - Backup

Test Authorizations

Permission Name

Page/Menu

Description

Allowed Operations

API Tester

Test > Test Console

Creating API test scenarios

- Preparing test scenarios

- Running tests

- Test reporting

Analytical Capabilities

Permission Name

Page/Menu

Description

Allowed Operations

Analytics

Analytics > Dashboard, API Traffic

Performance and traffic analysis

- Viewing traffic reports

- Metric analysis

- Performance monitoring

Security Authorizations

Permission Name

Page/Menu

Description

Allowed Operations

API Security

Identity Management

API security settings

- Identity provider management

- Access controls

- Security configurations

Audit

Auditing

System audit logs

- Viewing audit records

- Log analysis

- Security reports

Project Authorizations

Permission Name

Page/Menu

Description

Allowed Operations

Projects

Project Settings > General Settings

Project management

- Creating projects

- Configuring projects

- Deleting projects

Project Members

Project Settings > Members

Project member management

- Adding members

- Defining member roles

- Managing member access

Management Based Authorizations

Administration Based Authorizations cover system administration of the Apinizer platform, user management, security configuration and infrastructure settings. These authorizations are typically granted by the System Admin role and focus on the overall system configuration that applies to all projects.

System Admin: Has the authority to manage the entire system. Provides access to functions such as infrastructure, user management and system settings.
Project Admin: Has full access to all projects. It can perform operations within the scope of the project such as API development, testing, deployment and analysis.
Portal Manager: Includes special authorizations for API Portal management.
Analyzer: Provides customized privileges for analysis and reporting.
Portal Business User: Contains authorizations that enable API products in the API Portal to be displayed in read-only mode.
API Portal Developer User: Contains authorizations that enable the development of API products in the API Portal.

Management Menu Authorization Matrix

Overview Authorizations

Menu

Page

User Permission

Allowed Operations

Overview

Management Console Homepage

Project Admin

- Viewing system-wide statistics

- Monitoring key performance indicators

Portal Management

Menu	Page	User Permission	Allowed Operations
Portal	API Products	System Admin, Portal Manager	- Creating API products - Editing products - Deleting products
	Approval Requests > API Product App Register	System Admin, Portal Manager	- Viewing incoming requests - Managing requests
	Approval Requests > Account/Developer	System Admin, Portal Manager	- Reviewing membership applications - Changing membership status
	Accounts/Developers	System Admin, Portal Manager	- Creating developer accounts - Account management
	Categories	System Admin, Portal Manager	- Adding categories - Editing categories
	Responsible Units	System Admin, Portal Manager	- Defining units - Unit association
	Settings	System Admin	- Configuring portal general settings

System Monitor Authorizations

Menu

Page

User Permission

Allowed Operations

Monitor

Uptime Monitor

Project Admin

- Monitoring system operational status

- Viewing performance metrics

Anomaly Detector

Project Admin

- Detecting system anomalies

- Creating anomaly reports

Alert

System Admin + Project Admin

- Creating alarm rules

- Alarm management

System Analytical Authorizations

Menu	Page	User Permission	Allowed Operations
Analytics	Dashboard	System Admin, Analyzer	- General analytics dashboard - Viewing reports
	API Traffic	System Admin, Analyzer	- Proxy traffic analysis - Detailed traffic reports
	Query Editor	System Admin, Analyzer	- Creating custom queries - Advanced filtering
Reports	API Traffic Time Metrics	System Admin, Analyzer	- Time-based traffic reports - Performance metrics
	Endpoint Traffic Time Metrics	System Admin, Analyzer	- Endpoint performance analysis
	Client Traffic Time Metrics	System Admin, Analyzer	- Client-based traffic analysis
	IP Traffic Time Metrics	System Admin, Analyzer	- IP-based traffic monitoring
	Report Generator	System Admin, Analyzer	- Creating custom report templates

Project Management (System Level)

Menu

Page

User Permission

Allowed Operations

Project

Projects

System Admin

- Listing all projects

- Creating projects

Project Settings

General Settings, Members

Project Admin

- Deleting projects

- Editing projects

- Authorizing users for projects

- Assigning project-based roles to users

User Management

Menu

Page

User Permission

Allowed Operations

User Management

Users

System Admin

- Adding users

- Editing users

- Deleting users

Teams

System Admin

- Creating teams

- Managing team membership

Roles

System Admin

- Defining roles

- Editing role permissions

Identity Management (System Level)

Menu	Page	User Permission	Allowed Operations
Identity Management	Credentials Management > Credentials	System Admin	- Configuring identity providers - Authorizing identity providers based on API Proxies - Authorizing identity providers based on API Proxy Groups - Identity providers token settings - Identity providers secret configurations
	Credentials Management > Organizations	System Admin	- Adding new organizations - Grouping credentials based on organizations
	Credentials Management > Contracts/Protocols	System Admin	- Creating new contracts - Editing contracts - Deleting contracts
	Credentials Management > Credential Roles	System Admin	- Creating roles for identity providers - Deleting roles for identity providers - Editing roles for identity providers
	Credentials Management > API Proxy ACL	System Admin	- Authorizing identity providers based on API Proxies
	Credentials Management > API Proxy Group ACL	System Admin	- Authorizing identity providers based on API Proxy Groups
	Identity Providers > Database, LDAP, API	System Admin	- Alternative method configurations for identity providers
	IP Groups	System Admin	- IP-based access controls
	ACL Report	System Admin	- Access control list reports
	ACL Audit Records	System Admin	- Displays information about users who were approved or denied access to API Proxy or API Proxy Group

Connection Configurations

Menu

Page

User Permission

Allowed Operations

Connection Management

Database, Elasticsearch, E-mail, Kafka, ActiveMQ, etc.

System Admin

- Multiple system integrations

- Connection settings management

Secret Key Management

Menu	Page	User Permission	Allowed Operations
Secret Manager	Certificates	System Admin	- Certificate management - Certificate uploading
	Keys	System Admin	- Key creation - Key deletion
	Key Stores	System Admin	- Key store management
	JSON Web Keypair Sets	System Admin	- JSON Web Token key sets

Server Management

Menu

Page

User Permission

Allowed Operations

Server Management

Gateway Environments

System Admin

- Configuring gateway environments

- Environment management

Kubernetes Resources

System Admin

- Kubernetes resource management

Backup Management

Menu

Page

User Permission

Allowed Operations

Backup Management

Configuration

System Admin

- Backup configuration

- Scheduled backups

History

System Admin

- Viewing backup list

- Restoration operations

Version Upgrade

Menu

Page

User Permission

Allowed Operations

Version Management

Upgrade

System Admin

- Update planning

- Applying updates

History

System Admin

- Viewing previous updates

Audit

Menu	Page	User Permission	Allowed Operations
Auditing	Token Request	System Admin	- Viewing token requests
	Login Request	System Admin	- Monitoring user login records
	Audit Records	System Admin	- System operation audit records
	Test Console Audit	System Admin	- Reviewing Test Console logs

System Settings

Menu	Page	User Permission	Allowed Operations
System Settings	General Settings	System Admin	- System-wide configuration - Editing basic settings
	Predefined Values	System Admin	- CORS settings - Header filters
	License Management	System Admin	- Managing license information
	IP Geolocation Setting	System Admin	- Managing IP Geolocation settings
	KPS Setting	System Admin	- Managing KPS Settings
	ProCrypt Setting	System Admin	- Managing ProCrypt Settings
	Error Messages	System Admin	- Managing error messages

Note: “Principle of Least Authorization” should be applied during role assignments. Users should be given only the authorizations they need.