Teams and Roles
Many organizations have strict security requirements. For example, organizations
need the ability to segregate the duties of an administrator to ensure that a
mistake or malicious act by one administrator doesn’t cause an outage.
To help secure and govern your environment, Konnect provides
the ability to manage authorization with teams and roles. You can use Konnect’s
predefined teams for a standard set of roles, or create custom teams with
any roles you choose. Invite users and add them to these teams to manage user
Teams and roles
You can find a list of all teams in your organization through
Organization > Teams in Konnect.
You must be part of the Organization Admin team to manage users, teams, and
Team: A group of users with access to the same roles. Teams are useful
for assigning access by functionality, they can provide granular access to
any group of Konnect resources based on roles.
Role: Predefined access to a particular resource, or an
instances of a particular resource type (for example, a particular service or all services).
When you create a Konnect account, you are automatically added to the Organization
Admin team, which is one of the predefined teams
in Konnect. Predefined teams have sets of roles that can’t be modified or
deleted. Users assigned to a predefined team also can access all geographic regions in your Konnect instance. You can add users to these teams, or create your own custom teams
with any of the supported roles.
Users can be part of any number of teams, and the roles gained from the teams
are additive. For example, if you add a user to both the Service Developer and
Portal Viewer teams, the user can create and manage services
through API Products and register applications through the Dev Portal.
If two roles provide access to the same entity, the role with more access
takes effect. For example, if you have the Service Admin and Service Deployer
roles on the same service, the Service Admin role takes precedence.
Geographic region assignment
Teams and roles can be assigned to a specific geographic region in Konnect. Those teams and roles only access Konnect objects, such as services, that are also located in the same geo they are assigned to.
Get started with access management