Page Comparison

According to the default configuration in WSO2 products, the Users, Roles and Permissions are stored in the same repository (i.e., the default, embedded H2 database). However, you can change this configuration in such a way that the Users and Roles are stored in one repository (User Store) and the Permissions are stored in a separate repository. A user store can be a typical RDBMS, an LDAP or an external Active Directory. See the related following topics for information on how user stores are configured. 

• Configuring User Stores: This topic explains how the repositories for storing information about Users and Roles are configured.
• Setting Up the Physical Database: This section explains how you can set up a new RDBMS and configure it for your system.
• Managing Datasources: This section explains the purpose of defining datasources and how they are configured for a product.

The repository that stores Permissions should always be an RDBMS. The Authorization Manager configuration in the user-mgt.xml file (stored in the <PRODUCT_HOME>/repository/conf/ directory) connects the system to this RDBMS.

...

• The org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager class enables the Authorization Manager for your product.
• The AdminRoleManagementPermissions property sets the registry path where the authorization information (role-based permissions) are stored. Note that this links to the repository that you defined in Step 1.

• It is recommended to enable the GetAllRolesOfUserEnabled property in the AuthorizationManager as follows:
  

  Code Block
  <Property name="GetAllRolesOfUserEnabled">true</Property>

  Although using the user store manager does not depend on this property, you must consider enabling this if there are any performance issues in your production environment. Enabling this property affects the performance when the user logs in. This depends on the users, roles and permission stats.

• By default, the rules linked to a permission (role name, action, resource) are not case sensitive. If you want to make them case sensitive, enable the following property:
  

  Code Block
  <Property name="CaseSensitiveAuthorizationRules">true</Property>

Related Topics

• Configuring User Stores: This topic explains how the repositories for storing information about Users and Roles are configured.
• Setting Up the Physical Database: This section explains how you can set up a new RDBMS and configure it for your system.
• Managing Datasources: This section explains the purpose of defining datasources and how they are configured for a product.