Hi,

I wanted to grant access to a Custom Role to Create/Update/Delete KVMs for only to given KVM in a given Apigee environment only (like Dev).

Scenario is: Once the Apigee Org Admin creates a KVM and grants the Custom Role the permission to that KVM, the developer (associated to the Custom Role) can then add/update/delete Key/Value pairs in that KVM as he or she needs for their proxy development purposes, without Org Admin becoming the bottleneck; but at the same time, limiting their access to other Apigee environment like Test or Prod.

Is there a way to do that?

I tried the following (by specifying the Environment & KVM in the ResourcePermission); but its not limiting the access to 'test' region as specified for the specified role, developer is able to list key-value pairs in Prod region as well.

curl -u "{Org_Admin_EMailId}:{Org_Admin_Password}" -i -n -k -X POST -H content-type:application/xml -H accept:application/xml "https://api.enterprise.apigee.com/v1/o/{Org_Name}/userroles/{Custom_Role_Name}/permissions" -d '<ResourcePermission path="/environments/test/keyvaluemaps/{KVM_Name}"><Permissions><Permission>get</Permission><Permission>put</Permission><Permission>delete</Permission></Permissions></ResourcePermission>' 

Thanks,

Aneesh.