What’s New in Treblle 3.0: Roles and Permissions

With Treblle 3.0, managing API access is easier than ever thanks to the new Roles and Permissions feature.

Roles and Permissions in Treblle are designed to provide clarity and control over who can perform specific actions within your Workspace and APIs. By defining roles as Owner or Member, Treblle ensures that users can access their responsibilities appropriately.

What Are Roles and Permissions in Treblle?

In Treblle Workspaces, Roles and Permissions define how team members interact with APIs and configurations.

• Member: This is the default role for general users. Members can view APIs and their data but can't make structural changes. They can access the API Catalog to view published documentation without requiring direct API access.
• Owner: Owners have elevated permissions, including managing Workspaces, teams, and APIs. This role is ideal for administrators overseeing sensitive settings and configurations. Owners can leverage advanced security features like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to ensure workspace security.

Treblle ensures teams can collaborate while safeguarding critical API data by categorizing users into these roles.

How Roles and Permissions Work in Treblle

Here’s a detailed breakdown based on the Free Tier capabilities outlined in the document.

Role Definitions and Capabilities

Key Differences Between Owners and Members

1. Workspace-Level Control: Owners are responsible for workspace-wide settings, such as creating, editing, or deleting workspaces. On the other hand, members have limited visibility and interaction and focus on operational tasks.
2. API-Level Permissions: While Members can view and interact with APIs, only Owners have the authority to create, edit, or delete APIs. Owners can also publish APIs to the API Catalog, making documentation accessible to team members without granting full API access.
3. User and Team Management: User management is strictly reserved for Owners. They control invitations, role assignments, and removals. Members do not have access to these settings.

Steps to Setup Roles and Permissions in Treblle

Go to the left-hand Workspace Settings menu. Click on People to view or manage users in your Workspace.

Workspace Settings menu

If you are a Member, this section displays a list of Workspace members and details about their roles (Owner or Member). As a Member, you cannot invite others or change roles.

People section inside the Workspace settings

Invite Members to the Workspace

If you are an Owner, you will see an Invite Members option. Use this option to invite new members to your Workspace.

Inviting Members to your Workspace

Important Note:

Members who are invited to the Workspace have access only to public APIs. For private APIs, owners must explicitly invite members to participate in those specific APIs.

Invite Members to Specific APIs

1. Go to the API Settings menu on the left-hand side.
2. Under API Settings, find the People section.
3. Use this section to invite Members to specific APIs.

Inviting Members to specific APIs

Example Workflows with Roles and Permissions

Scenario 1: In a development team of, say, 20 people, it’s common to have a mix of roles, such as project leads, backend developers, frontend developers, and QA testers.

Workflow:

• The Owner creates an API to manage user authentication for a mobile app. They configure it to integrate with the company’s SSO and apply custom rate limits.
• Developers (Members) use this API to test various authentication scenarios (e.g., logging in with social accounts) and analyze performance through Treblle’s analytics dashboard.
• Testers (Members) validate the API responses and report issues without worrying about accidental API deletion or misconfiguration.

Scenario 2: Suppose your organization includes technical teams (developers, DevOps) and non-technical teams (product managers, marketing analysts). Owners can also utilize the API Catalog to share documentation with product managers and analysts while maintaining secure workspace access through MFA.

Workflow:

• Developers create an API that aggregates product data (e.g., descriptions, prices, inventory). They configure it to be accessible only to workspace Members.
• The product team uses this API to build real-time product performance dashboards in tools like Tableau or Power BI, leveraging Treblle's data export capabilities.

Scenario 3: Maintaining strict access control is non-negotiable for companies dealing with sensitive data (e.g., healthcare financial services).

Workflow:

• The Owner configures an API for patient data to comply with GDPR. They ensure the API logs are anonymized and restrict their visibility to private.
• Business analysts (Members) access aggregated, de-identified data through specific endpoints to generate compliance reports or monitor trends.
• The Owner periodically audits Member access to ensure no unnecessary permissions have been granted.

Making API Access Simple and Secure

Managing APIs isn't just about building and deploying; it’s about ensuring teams work together effectively while keeping everything secure and under control.

The Roles and Permissions feature in Treblle 3.0 provides a structured way to manage teams and APIs. Determining clear roles enhances collaboration while keeping data and configurations secure.

Owners get the control they need to manage workspaces and APIs, while Members focus on what they do best without worrying about permissions or configurations.