When you create a user, the user can access services based on the organization's licenses, the user's roles, and the groups to which the user belong.
Users normally inherit the services assigned to their user groups. However, you can specifically allow or deny access to services on the Users page.
For example, you want to allow an application developer with the Service Consumer role to use API Portal but not Data Integration or Application Integration. Explicitly allow the API Portal service for the user and deny the Data Integration and Application Integration services. When you do this, the application developer can no longer see the Data Integration and Application Integration services on the My Services page even though the Service Consumer role has privileges related to them.
When a user has access to a service, the service is visible on the My Services page. The user can access and use the service as long as access is allowed.
When a user loses access to a service, the user can no longer see the service on the My Services page.
Important: Allowing or denying a service only reveals or hides the service from the user interface. The user retains all privileges associated with their assigned roles, even if you explictly deny a service. This means that the user might be able to perform an action through the API even if access is denied. As a best practice, only assign privileges that align with services assigned to a user.
1In Administrator, select Users.
2In the row that contains the user, click Actions and select Assign Services.
3In the Assign Services dialog box, perform one of the following tasks for each service:
- To let the user's group memberships define whether the user can access the service, leave both the Allow and Deny options deselected. If the group's services change, the user's access to services changes automatically.
- To allow access to the service regardless of what's defined in the user's group, select the Allow option.
Tip: If you don't see the service you wish to assign, that means the service isn't present in the organization's license.
- To deny access to the service, regardless of whether the user's group allows it, select the Deny option.