Roles reference

A team can have any number of roles. See Manage Teams and Roles. All predefined roles and teams automatically get access to all geographic regions in your Konnect instance.

The following predefined roles are available in Konnect:

API products

Role	Description
Admin	Admin of an existing API product. The admins have all write access permissions related to a API product, API product version, etc.
Application Registration	Access to enable or disable application registration for an API Product.
Creator	Access to create new API product in API Products. The creator becomes the owner of the API product they create, gaining admin access to the API product. This role does not provide access to creating sub-entities in an API product such as API product versions or API specs, or link the API product version to a Gateway service. See the Admin or Maintainer role.
Maintainer	Access to fully manage an API product and its API product versions including app registration, publishing documentation, etc.
Publisher	Access to publish an API product to the Dev Portal.
Viewer	Read-only access on an API product including API product versions and its configuration, analytics, and documentation.

Control Planes

Role	Description
Admin	Owner of an existing control plane group. Admins have write access to control plane nodes, and the control plane group’s corresponding data plane nodes.
Certificate Admin	Access to configure certificates for an existing control plane group.
Cloud Gateway Cluster Admin	Access to all read and write permissions related to cloud-gateways configurations and custom domains.
Cloud Gateway Cluster Viewer	Access to read-only permissions to cloud-gateways configurations and custom domains.
Consumer Admin	Access to configure consumers for an existing control plane group.
Creator	Access to create a new control plane group in Gateway Manager. The creator becomes the owner and admin of the control plane group they create. This role does not grant access to existing control plane groups, data plane nodes, or their configurations. See the `Admin` or `Deployer` roles.
Deployer	This role grants full write access to administer services, routes, and plugins necessary to deploy services in Service Catalog. Must also have the Deployer role for the service being deployed.
Gateway Service Admin	Access to configure Gateway services for an existing control plane group.
Key Admin	Access to configure keys for an existing control plane group.
Plugin Admin	Access to configure plugins for an existing control plane group.
Route Admin	Access to configure routes for an existing control plane group.
Serverless Cluster Admin	Access to all read and write permissions related to serverless cloud-gateways configurations.
Serverless Cluster Viewer	Access to read-only permissions to serverless cloud-gateways configurations.
SNI Admin	Access to configure SNIs for an existing control plane group.
Upstream Admin	Access to configure upstreams for an existing control plane group.
Vault Admin	Access to configure vaults for an existing control plane group.
Viewer	Read-only access to all the configurations of a control plane group and corresponding data plane nodes.

Mesh control planes

Role	Description
Admin	Owner of an existing mesh control plane. The owners have all write access related to a control plane and its configuration.
Creator	Access to create a new mesh control plane in Mesh Manager. The creator becomes the owner of the control plane they create, gaining admin access to the new control plane. This role does not grant access to existing control planes or their configurations. See the mesh control plane `Admin` role.
Viewer	Read-only access to all the configurations of a Konnect mesh control plane, including zones, Zone Ingress and Egress, meshes, and RBAC.

Networks

Role	Description
Network Admin	Access to all read and write permissions related to a network.
Network Creator	Access to creating networks.
Network Viewer	Access to read-only permissions to networks.

Service Catalog

Role	Description
Integration Admin	Can view and edit all integrations (install/authorize).
Integration Viewer	Access to read-only permissions to integrations.
Scorecard Viewer	Access to read-only permissions to scorecards.
Scorecard Admin	Can view and edit Scorecards.
Service Admin	Can view and edit a select list of Service Catalog services, map resources to those services, manage all resources, and has read-only access to all integrations and integration instances.
Service Creator	Can create new Service Catalog services, becomes the Service Admin for any service they create, and can view and edit all resources. Includes read-only access to all integrations and integration instances. This role does not grant access to existing services or their configurations. See the `Service Admin` role. This role does not grant write access to integration instances. See the `Integration Admin` role.
Service Viewer	Can view a select list of services and all resources and discovery rules.

Portals

Role	Description
Admin	Owner of an existing Dev Portal instance. The owner has full write access related to any developers and applications in the organization.
Appearance Maintainer	Access the Portal instance and edit its appearance.
Creator	Create new Portals.
Maintainer	Edit, view, and delete Dev Portal applications, and view developers.
Product Publisher	Manage publishing products to a Dev Portal.
Viewer	Read-only access to Dev Portal developers and applications.

Application Auth Strategies

Role	Description
Creator	Create new app auth strategies.
Maintainer	Edit one or all app auth strategies.
Viewer	Read-only access to one or all app auth strategies.

DCR

Role	Description
Creator	Create new DCR providers.
Maintainer	Edit one or all DCR providers.
Viewer	Read-only access to one or all DCR providers.

Identity

Role	Description
Admin	This role grants full write access to all identity resources.

Thank you for your feedback.

Was this page useful?