...
WSO2 products has two types of roles. External Roles and Internal Roles. Let say there are two user stores.
Store-A | Store-B | |
---|---|---|
Users | user_A | user_B |
Roles | role_A | role_B |
External Roles :
Store in user store itself. Only users in that user store can assign to external roles in same user store.
Eg : user_A can assign to role_A
user_B can't assign to role_A
Store in user store itself. Only users in that user store can assign to external roles in same user store.
Eg : user_A can assign to role_A
user_B can't assign to role_A
Info |
---|
In the user stores Users are assign to a Group. Within the WSO2 servers we have Roles and directly map one Group to a Role then assign the permission for that role. There is a one to one mapping between Groups and Roles and same Group name is used to represent the Role in the server. |
Eg : both user_A and user_B can assign to same internal role.
Info |
---|
For internal Roles there are not mapped Groups in user stores. So we directly assign users to these roles (Do not support to assign Groups to these Roles) |
Info |
---|
Internal/everyone : This is a conceptual role that is used to group all the users (across the user stores) together. When you create a new user, automatically the user belongs to the Internal/everyone role. Application Role : is a special case of internal roles, these are created for a single service provider ( SP ) application and only users in this role can mange relevant SP application. |
...