The following section describes the RemoteAuthorizationManager API and the operations that come with it.
Permissions can be assigned to user roles. A permission is an authorization to perform a specific action on a resource. For instance, a user role can have permission (i.e., authorization) to add and delete (i.e., actions) service providers (i.e., the resource). The following actions can be performed on a resource.
- man_config
- man_lc_config
- man_sec
- up_serv
- man_serv
- man_media
- mon_sys
- del_id
- authorize
- inv_ser
- ui_execute
- subscribe
- publish
- consume
- change_ser
- change_permission
- browse
- sqs_send_message
- sqs_receive_message
- sqs_delete_message
- sqs_change_message_visibility
- sqs_get_queue_attributes
The following operations are available in this API:
authorizeRole
This function authorizes the given role to perform the specified action on the given resource.
Input parameters
Parameter | Description |
---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:authorizeRole>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:authorizeRole>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
Error codes
Invalid data provided |
Error in connection rollback |
Error! DB error occurred while checking is existing system role for :roleName & tenant id : tenantId |
Error! Error occurred while getting UI permission ID for resource id : resourceId & action : action |
Error! Error occurred while adding UI permission ID for resource id : resourceId & action : action |
Error! Using sql : sqlStmt |
Error! Error while authorizing role: roleName in permission tree for resource id: resourceId for action: action |
Error! Error while denying role: roleName in permission tree for resource id: resourceId for action: action |
clearAllRoleAuthorization
This function clears all authorizations of the role.
Input parameters
Parameter | Description |
---|
roleName | The name of the role (e.g., "role1") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:clearAllRoleAuthorization>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
      </ser:clearAllRoleAuthorization>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
Error codes
Error occurred while clearing role authorizations for role : roleName |
clearResourceAuthorizations
This function clears all the authorizations for the given resource.
Input parameters
Parameter | Description |
---|
resourceId | The resource path (e.g., "/permission/admin/login") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:clearResourceAuthorizations>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
      </ser:clearResourceAuthorizations>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
Error codes
Error occurred while clearing resource authorizations for resource id : resourceId |
clearRoleActionOnAllResources
This function removes the authorization from the role to perform the specified action on all the resources.
Input parameters
Parameter | Description |
---|
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
...
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:clearRoleActionOnAllResources>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:clearRoleActionOnAllResources>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
...
Error codes
Error occurred while clearing role action on all resources for role : roleName & action : action |
clearRoleAuthorization
This function clears the authorization of the specified role to perform the given action on the resource.
Input parameters
Parameter | Description |
---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:clearRoleAuthorization>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:clearRoleAuthorization>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
Error codes
Error occurred while clearing role authorizations for role : roleName + & resource id : resourceId & action : action |
denyRole
This function removes the authorization of the role to perform the given action on the specified resource.
Input parameters
Parameter | Description |
---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:denyRole>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:denyRole>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

No response on Success
...
Error codes
getAllowedRolesForResource
This function retrieves the list of authorized roles to perform the given action on the specified resource.
Input parameters
Parameter | Description |
---|
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:getAllowedRolesForResource>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:getAllowedRolesForResource>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getAllowedRolesForResourceResponse xmlns:ns="http://service.ws.um.carbon.wso2.org"
                                             xmlns:ax2599="http://core.user.carbon.wso2.org/xsd"
                                             xmlns:ax2600="http://api.user.carbon.wso2.org/xsd">
         <ns:return>admin</ns:return>
         <ns:return>myrole</ns:return>
      </ns:getAllowedRolesForResourceResponse>
   </soapenv:Body>
</soapenv:Envelope>
```
Error codes
Error loading authorizations. Please check the database. Error message is + errorMessage |
Error! Error while authorizing role: roleName in permission tree for resource id: resourceId for action: action |
Error! Error while denying role: roleName in permission tree for resource id: resourceId for action: action |
getAllowedUIResourcesForUser
This function retrieves the list of UI resources in the specified root path for which the user has authorization.
Input parameters
Parameter | Description |
---|
userName | The username of the specific user (e.g., "admin") |
permissionRootPath | The permission root path |
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:getAllowedUIResourcesForUser>
         <!--Optional:-->
         <ser:userName>admin</ser:userName>
         <!--Optional:-->
         <ser:permissionRootPath>/</ser:permissionRootPath>
      </ser:getAllowedUIResourcesForUser>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getAllowedUIResourcesForUserResponse xmlns:ns="http://service.ws.um.carbon.wso2.org"
                                               xmlns:ax2599="http://core.user.carbon.wso2.org/xsd"
                                               xmlns:ax2600="http://api.user.carbon.wso2.org/xsd">
         <ns:return>/permission</ns:return>
         <ns:return>/permission/admin/configure/</ns:return>
         <ns:return>/permission/admin/login/</ns:return>
         <ns:return>/permission/admin/manage/</ns:return>
         <ns:return>/permission/admin/monitor/</ns:return>
         <ns:return>/permission/protected/</ns:return>
         <ns:return>/permission/testlogin/</ns:return>
      </ns:getAllowedUIResourcesForUserResponse>
   </soapenv:Body>
</soapenv:Envelope>
```
...
Error codes
Invalid Permission root path provided |
Error loading authorizations. Please check the database. Error message is message |
getAllowedUIResourcesForRole
This function retrieves the list of UI resources in the specified root path for a given role.
Input parameters
Parameter | Description |
---|
roleName | The name of the specific role (e.g., "admin") |
permissionRootPath | The permission root path |
...
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:getAllowedUIResourcesForRole>
         <!--Optional:-->
         <ser:roleName>admin</ser:roleName>
         <!--Optional:-->
         <ser:permissionRootPath>/</ser:permissionRootPath>
      </ser:getAllowedUIResourcesForRole>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getAllowedUIResourcesForRoleResponse xmlns:ns="http://service.ws.um.carbon.wso2.org"
                                               xmlns:ax2716="http://core.user.carbon.wso2.org/xsd"
                                               xmlns:ax2717="http://api.user.carbon.wso2.org/xsd">
         <ns:return>/permission</ns:return>
         <ns:return>/permission/admin/configure/security/usermgt</ns:return>
         <ns:return>/permission/admin/login</ns:return>
         <ns:return>/permission/admin/manage/identity/applicationmgt</ns:return>
      </ns:getAllowedUIResourcesForRoleResponse>
   </soapenv:Body>
</soapenv:Envelope>
```
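A least-privilege check built on this response, as an added example that is not part of the original page or of the product's code: it parses a getAllowedUIResourcesForRole (or getAllowedUIResourcesForUser) response and reports where the granted resource paths differ from an approved baseline. The sample response, the baseline and the function names are constructed for illustration, and paths are compared as exact strings with no assumption about permission inheritance.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
UM_NS = "http://service.ws.um.carbon.wso2.org"  # namespace used in the page's samples
RESPONSES = {"{%s}getAllowedUIResourcesFor%sResponse" % (UM_NS, kind)
             for kind in ("Role", "User")}

# Constructed sample in the shape of the getAllowedUIResourcesForRole response.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:getAllowedUIResourcesForRoleResponse xmlns:ns="http://service.ws.um.carbon.wso2.org">
   <ns:return>/permission</ns:return>
   <ns:return>/permission/admin/configure/security/usermgt</ns:return>
   <ns:return>/permission/admin/login/</ns:return>
   <ns:return>/permission/admin/manage/identity/applicationmgt</ns:return>
  </ns:getAllowedUIResourcesForRoleResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

def normalise(path):
    """Treat '/permission/admin/login/' and '/permission/admin/login' as one resource."""
    return path.strip().rstrip("/") or "/"

def allowed_resources(soap_xml):
    """Return the set of resource paths carried in the response's <return> elements."""
    # A SOAP response has no reason to carry a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in soap_xml or "<!ENTITY" in soap_xml:
        raise ValueError("DTD or entity declaration in response")
    body = ET.fromstring(soap_xml).find("{%s}Body" % SOAP_NS)
    # Anything other than exactly one expected response element (e.g. a fault) is rejected.
    if body is None or len(body) != 1 or body[0].tag not in RESPONSES:
        raise ValueError("not a getAllowedUIResourcesFor... response")
    return {normalise(r.text) for r in body[0].findall("{%s}return" % UM_NS) if r.text}

def drift(granted, baseline):
    """Compare granted paths with an approved baseline (exact-path comparison only)."""
    approved = {normalise(p) for p in baseline}
    return {"unexpected": sorted(granted - approved),
            "missing": sorted(approved - granted)}

if __name__ == "__main__":
    # Hypothetical approved baseline for the role under review.
    BASELINE = ["/permission/admin/login",
                "/permission/admin/configure/security/usermgt",
                "/permission/admin/monitor/"]
    print(drift(allowed_resources(SAMPLE), BASELINE))
```
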
...
Request

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:isRoleAuthorized>
         <!--Optional:-->
         <ser:roleName>role1</ser:roleName>
         <!--Optional:-->
         <ser:resourceId>/permission/admin/login</ser:resourceId>
         <!--Optional:-->
         <ser:action>ui.execute</ser:action>
      </ser:isRoleAuthorized>
   </soapenv:Body>
</soapenv:Envelope>
```

Response

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:isRoleAuthorized xmlns:ns="http://service.ws.um.carbon.wso2.org">
         <ns:return>false</ns:return>
      </ns:isRoleAuthorized>
   </soapenv:Body>
</soapenv:Envelope>
```
Error codes
Error loading authorizations. Please check the database. Error message is + errorMessage |