How can I override the Access Control/Groups in Product for upper environments.

[vinilka8]

Please describe the feature.

Hi Guys

How do we override the ACCESS CONTROL in the PRODUCT for the upper environment, from DEV to QA using configuration file?

DEV APIM Instance has a product, that has an access control assigned to Administrators and Developers

QA APIM Instance should also have a product BUT in this case the one of the roles should be different, instead of Developers we need ITOperations.

Thanks

[github-actions]

  Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
  Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.

[guythetechie]

@vinilka8 - try overriding your QA configuration file like this:

products:
  - name: user
    groups:
      - administrators
      - ITOperations

[vinilka8]

Hello @guythetechie

I have tried your suggestion it's something I was looking for, but it's not working, unfortunately.

in my sample I have used Administrators and Developers, so in a DEV environment I have removed developers, but adding developers into QA environment

still only administrators in QA,

[vinilka8]

Hi Guys

Any updates?

Thanks

[guythetechie]

1. Can you check that the administrators group already exists in QA? ApiOps will not create groups for you, it will just link products to existing groups.
2. You can enable debug logging to see which URLs get called by ApiOps. Can you look at your logs and see which calls are made when it processes product groups?

[vinilka8]

1. yes, I can confirm that the Administrators group already exists in QA, I have manually assigned administrators and developers to a product access control, BUT the APIOPS pipeline doesn't do that
   
2. by default I am running debug logging - in a new case I am trying to assign 'Guests' to my product, but the pipeline still doesn't do the work, I still don't see guests assigned to a product.
   
   

Yes, I am aware that APIOps will just link product to existing groups, but it's not the case

[guythetechie]

Can you share your publisher pipeline logs with any sensitive information scrubbed? If you're concerned about posting scrubbed logs here, feel free to create a private Git repo, put your logs there, and invite me.

[vinilka8]

those only debug logs I have obtained, I don't see what payload is passed into rest api

[guythetechie]

You need to enable trace logging to show the payload.