...

If a user has several assigned roles, their permissions are added together.

Adding a user role 

Follow the instructions below to add a user role.

...

The role is created and is listed on the Roles page. You can now edit the role as needed.  

Editing or deleting a role

If you need to make modifications to a role, select the domain (user store) where the role resides, and then use the links in the Actions column on the Roles screen as follows: 

...

Info

If the role is in an external user store to which you are connected in read-only mode, you will be able to view the existing roles but not edit or delete them. However, you can still create new editable roles.

Updating role names

If you need to make modifications to the role names, you need to do the following:

Update before the first startup (recommended)

The default role names (admin and everyone) can be changed before starting the WSO2 product for the first time by editing <PRODUCT_HOME>/repository/conf/user-mgt.xml.

<Configuration> 
	<AdminRole>admin</AdminRole> 
	<AdminUser> 
		<UserName>admin</UserName> 
		<Password>admin</Password> 
	</AdminUser> 
	<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default, users in this role see the registry root -->
	<Property name="dataSource">jdbc/WSO2CarbonDB</Property> 
	<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property> 
</Configuration>

The following are the changes that need to be made in the configurations above:

  • Change <AdminRole>admin</AdminRole> to <AdminRole>administrator</AdminRole>.
  • Change <EveryOneRoleName>everyone</EveryOneRoleName> to <EveryOneRoleName>Your role</EveryOneRoleName>.
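
The two edits listed above can be scripted so that the previous role names are recorded for any later user-store changes. The following Python is an added example, not WSO2 code; the function names `rename_roles` and `_swap` are hypothetical, and the sample input is a constructed copy of the `<Configuration>` block shown on this page.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: a copy of the <Configuration> block shown above.
SAMPLE = """<Configuration>
	<AdminRole>admin</AdminRole>
	<AdminUser>
		<UserName>admin</UserName>
		<Password>admin</Password>
	</AdminUser>
	<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default, users in this role see the registry root -->
	<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>"""


def _swap(xml_text, tag, new_value):
    """Replace the text of the single <tag> element; return (new_xml, old_value)."""
    pattern = re.compile(r"(<%s>)(.*?)(</%s>)" % (tag, tag), re.S)
    matches = pattern.findall(xml_text)
    if len(matches) != 1:  # ambiguous or missing element: refuse to edit
        raise ValueError("expected exactly one <%s>, found %d" % (tag, len(matches)))
    old_value = matches[0][1].strip()
    new_xml = pattern.sub(lambda m: m.group(1) + escape(new_value) + m.group(3), xml_text)
    return new_xml, old_value


def rename_roles(xml_text, admin_role, everyone_role):
    """Apply both role-name changes; return (new_xml, {tag: old_name})."""
    admin_role, everyone_role = admin_role.strip(), everyone_role.strip()
    if not admin_role or not everyone_role or admin_role == everyone_role:
        raise ValueError("role names must be non-empty and distinct")
    ET.fromstring(xml_text)  # reject malformed input before editing
    old = {}
    for tag, value in (("AdminRole", admin_role), ("EveryOneRoleName", everyone_role)):
        xml_text, old[tag] = _swap(xml_text, tag, value)
    ET.fromstring(xml_text)  # the edited file must still be well-formed
    return xml_text, old


if __name__ == "__main__":
    new_xml, old = rename_roles(SAMPLE, "administrator", "Your role")
    print(new_xml)
    print("previous role names to migrate in the user store:", old)
```

The text-level replacement keeps comments and indentation intact and leaves `<UserName>` and `<Password>` untouched, since only the two role names change in this procedure.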

Update after the product has been used for some time

  1. Make the configuration changes indicated in the above section.
  2. If you have changed the role names as described earlier, make the following user store level changes for existing users.
    • If you are connected to JDBCUserStoreManager, you need to update the UM_USER_ROLE table with the existing users after changing the 'admin' and 'everyone' role names. Also, if you have changed the permissions of the 'everyone' role, the UM_ROLE_PERMISSION table has to be updated with the permissions for the new role.

      Info

      The schema can be located by referring to the data source defined in the user-mgt.xml file. The data source definition can be found under repository/conf/datasources/master-datasources.xml.

    • If you are connected to ReadWriteLdapUserStoreManager, you need to add the members of the previous admin role to the new role under the Groups.
  3. After making the changes, restart the server.


Instructions on how to create and add a new user role in the WSO2 Identity Server.