A user role is a title that contains  

Roles contain permissions for users to manage security on the server. You can create different roles with various combinations of permissions, with the objective of segregation of duties for users who access the server, and assign them to a user or a group of users. Through the management console, you can also edit and delete an existing user role.

Identity Server supports the role-based authentication model, where the privileges of a user are based on the roles attached to that user.

A user is associated with one or more roles (generally specified upon user creation), and each role is associated with zero or more permissions (also generally specified upon user creation). Therefore, the set of permissions owned by a user is determined by the roles assigned to that user.

If a user has several assigned roles, their permissions are added together.

By default, Identity Server comes with the following roles:

  • Admin - Provides full access to all features and controls. By default, the user "admin" is assigned to both the "Admin" and the "Everyone" roles.
  • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
  • System - This role is not visible in the Management Console.

...

 


 

Adding a user role 

 

Follow the instructions below to add a new user role.

...

 

  1. On the Configure tab in the management console, click Users and Roles.
  2. On the User Management page, click on the Roles link.
  3. On the Roles page, click on Image Added
  4. Click Roles. This link is only visible to users with the Admin role. 
  5. Click Add New Role.
  6. Enter the name for the role and click "Next." You can also click "Finish," in which case the new role will be created with default permissions (none) and no assigned users.
  7. The permission model of WSO2 Identity Server is hierarchical. Permissions can be assigned to a role in a fine-grained or a coarse-grained manner. For example, you can either select the whole class of permissions, such as Configure, by checking the corresponding box, or you can expand that class and select one or several items. 
  8. Select the permissions you would like to add to your role and click Next.
  9. Select the users to be assigned to the role. You can conduct a search
  10. Do the following:
    1. In the Domain list, specify the user store where you want to create this role.
    2. Enter a unique name for this role.
    3. Click Next.
  11. Select the permissions you want users with this role to have. Note that when you assign this role to a user, you can override the role's permissions and customize them for the user. 
  12. Select the existing users you want to have this role. You can also assign this role to users later, but if you are creating this role in an external user store that does not allow empty roles, you must assign it to at least one user. You can search for a user by name, or view all users by entering "*" in the search field.
  13. Click Search.
  14. Select the users you want to add the role to.
  15. Click on the Finish button.
  16. The new role is added to the list.

From here, you can rename roles, assign new permissions and users, and delete a role.

 

The role is created and is listed on the Roles page. You can now edit the role as needed. 
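The following sketch is an added example, not code from WSO2 or from the original page. It models the two rules described above (a user's permissions are the union of the permissions of all assigned roles, and selecting a permission class grants everything beneath it) and uses them to find users whose combined roles break a segregation-of-duties rule. Assumptions: every permission path, every role name other than Admin and Everyone, the conflict list, and modelling Admin's full access as a grant on the root node.

```python
# Constructed sample data. Role names other than Admin/Everyone and all
# permission paths are illustrative assumptions, not WSO2 identifiers.
ROLE_PERMISSIONS = {
    "Admin": {"/"},                                # full access: root of the tree
    "Everyone": set(),                             # default role, no permissions
    "ConfigOperator": {"/configure"},              # coarse-grained: whole class
    "RoleEditor": {"/configure/users-and-roles"},  # fine-grained: single item
    "LogViewer": {"/monitor/logs"},
}
USER_ROLES = {
    "admin": ["Admin", "Everyone"],
    "alice": ["Everyone", "RoleEditor", "LogViewer"],
    "bob": ["Everyone", "ConfigOperator"],
    "carol": ["Everyone"],
}
# Permission pairs that one person should not hold together (assumed policy).
CONFLICTS = [("/configure/users-and-roles", "/monitor/logs")]


def covers(granted, requested):
    """A granted node covers itself and everything beneath it."""
    return requested == granted or requested.startswith(granted.rstrip("/") + "/")


def effective_permissions(user):
    """Union of the grants of every role assigned to the user."""
    grants = set()
    for role in USER_ROLES.get(user, []):
        grants |= ROLE_PERMISSIONS.get(role, set())
    return grants


def is_allowed(user, permission):
    """True if any grant held through any role covers the permission."""
    return any(covers(g, permission) for g in effective_permissions(user))


def sod_violations():
    """Users whose combined roles satisfy both sides of a conflicting pair."""
    return sorted(
        (user, a, b)
        for user in USER_ROLES
        for a, b in CONFLICTS
        if is_allowed(user, a) and is_allowed(user, b)
    )


if __name__ == "__main__":
    for user, a, b in sod_violations():
        print(f"{user}: holds both {a} and {b}")
```

Neither of alice's roles is a problem on its own. The conflict only appears once the permissions of both roles are added together, which is why role assignments are worth reviewing per user and not only per role.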

 

Editing or deleting a role

 

If you need to make modifications to a role, select the domain (user store) where the role resides, and then use the links in the Actions column on the Roles screen as follows:

 

  • Rename the role
  • Change the default permissions associated with this role
  • Assign this role to users
  • View the users who are assigned this role
  • Delete the role if you no longer need it

 

Info

If the role is in an external user store to which you are connected in read-only mode, you will be able to view the existing roles but not edit or delete them. However, you can still create new editable roles.

 

 


Instructions on how to create and add a new user role in the WSO2 Identity Server.