According to the default configuration in WSO2 products, the Users, Roles and Permissions are stored in the same repository (i.e., the default, embedded H2 database). However, you can change this configuration in such a way that the Users and Roles are stored in one repository (User Store) and the Permissions are stored in a separate repository. A user store can be a typical RDBMS, an LDAP or an external Active Directory. See the following topics for information on how user stores are configured.
...
For information on how the repositories for storing information about
...
users and
...
roles are configured, see Configuring User Stores.
The repository that stores Permissions should always be an RDBMS. The Authorization Manager configuration in the user-mgt.xml file (stored in the <PRODUCT_HOME>/repository/conf/ directory) connects the system to this RDBMS.
...
- Change the default H2 database or set up another RDBMS for storing permissions.
- When you set up an RDBMS for your system, it is necessary to create a corresponding datasource, which allows the system to connect to the database.
- If you are replacing the default H2 database with a new RDBMS, update the
master-datasource.xmlfile (stored in the<PRODUCT_HOME>/repository/conf/datasources/directory) with the relevant information. - Alternatively, create a new XML file with the datasource information of your new RDBMS and store it in the same
<PRODUCT_HOME>/repository/conf/datasources/directory.
- If you are replacing the default H2 database with a new RDBMS, update the
Refer the related topics for detailed information on setting up databases and configuring datasourcesFor information on how you can set up a new RDBMS and configure it for your system, see Setting Up the Physical Database, and for information on the purpose of defining datasources and how they are configured for a product, see Managing Datasources.
Step 2: Updating the user realm configurations
...