cancel
Showing results for 
Search instead for 
Did you mean: 

Add multiple roles to Service Keys in SAP CPI Cloud Foundry

former_member595528
Discoverer
0 Kudos

Hello Team,

I want to create a Service Key for Service Instance of type 'API'

I follow sap help to create a json file to upload to service key.

https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/7a9b282981784f399615b2fda3c...

I want to add multiple roles to a Service Key, like below

{"grant-types": "client_credentials","roles": ["MonitoringDataRead","WorkspaceArtifactsDeploy","WorkspacePackagesEdit","WorkspacePackagesTransport"]}

But when the Service Key is created with above json, I do not see any roles being assigned. Only credentials are created.

Has anyone added role/roles to service key and share json as reference?

Regards,

Archana

axelalbrecht
Advisor
Advisor

Hi Archana,

as already assumed by the other users, the roles are now bound to the service instance and not anymore with the key. With this we are able to allow role changes for a service instance without the need to generate a new service key.

regards,
Axel

0 Kudos

@Axel Albrecht,

Is we have an application which is not defined in BTP how could we assign a role to it if there is no way to set it up on service key level.

Accepted Solutions (1)

Accepted Solutions (1)

Muniyappan
Active Contributor
0 Kudos

Hi Archana,

Did you check the roles in instance level? I noticed the same behavior recently when i was creating key

Answers (2)

Answers (2)

former_member595528
Discoverer
0 Kudos

As suggested, we added required roles in Service Instance instead of Service Keys.

Thank you for the inputs.

former_member226
Employee
Employee
0 Kudos

Hi

To me, It looks like there is some structural change in the JSON output of the service key, due to which roles are not returned as part of the service key. Logically, roles are not part of the service key but service instance. Hence it also make sense to me.

Nevertheless, when you will try to execute the request with the client ID generated then I believe that request should be successful.

Further, you can click "..." icon on the RHS panel of service instance to view the service instance parameter where you can clearly see the role.(See attachment)