Current Limitation

The read only user have the following scopes - apim:api_view and apim:publisher_settings. WSO2 API-M provides a pre-defined role named internal/observer, which is used to group all the read-only users. In read only mode, the publisher portal functionalities should be disabled.

Steps to create a read only user: https://apim.docs.wso2.com/en/latest/manage-apis/design/api-security/authorization/publisher-portal-in-read-only-mode/#step-1-create-a-read-only-user

Suggested Improvement

Here are some minor UI/UX improvements that can be done to the read-only user view.

1. Disable the description button on deployments page

2. Disable the add label button in basic info page

3. Disable the audience validation config in runtime configurations page

4. Disable the delete button in MCP tools page

5. Fix the infinite loading issue and empty API key in Tryout page. Need a better way to imply that the user doesn't have the required permission

6. In scopes page, show that the option is disabled. Currently it looks clickable and nothing happens when clicking

7. The global policy page looks empty. Need a better way to show that the user doesn't have the required permission.

8. Disable the drag and drop feature in API policy page. Read only user should be able to view the policies, but not to use the drag and drop functionality.

Version

4.6.0