Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Before you begin, note the following:

...

Your product has a primary user store where the users/roles that you create using the management console are stored by default. It's default RegEx configurations are as follows. RegEx configurations ensure that parameters like the length of a user name/password meet the requirements of the user store.

Code Block
PasswordJavaRegEx-------- ^[\S]{5,30}$
PasswordJavaScriptRegEx-- ^[\S]{5,30}$
UsernameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
UsernameJavaScriptRegEx-- ^[\S]{3,30}$
RolenameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
RolenameJavaScriptRegEx-- ^[\S]{3,30}$

...

User management functionality is provided by default in all WSO2 Carbon-based products and is configured in the user-mgt.xml file found in the <PRODUCT_HOME>/repository/conf/

...

Excerpt
hiddentrue

 The description given above is added to answer the following FAQ:/wiki/spaces/FAQ/pages/37781592.

Go to the relevant topic listed below for details:

Table of Contents
maxLevel3
minLevel3
printablefalse

Managing Users

This following topics explain how new user accounts can be added and managed using the management console of your product.

Adding a new user and assigning roles

To add a new user account and assign roles:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles. The User Management page appears.
  3. Click Users. The Users page appears.

    Info

    The Users link is only visible to users with the "Admin" permission. The Users page is used to add new user accounts and also modify or delete existing accounts if needed.

  4. Click Add New User. The Add User page appears.
  5. Select the domain. By default, PRIMARY will appear to indicate the primary user store; however, if secondary user stores have been added they will be listed in the Domain drop-down menu as well.
  6. Enter the username and password.
  7. If you want to add a user with the default "Internal/everyone" role, click Finish and you are done. Otherwise, click Next to define a user role and proceed to the next step.
  8. Enter a role name pattern. Use one of the following approaches:  
    • Enter the exact role name.
    • Enter part of the role name followed by or preceded by an asterisk (*) (for example, t* - this option will return all the roles that have role names starting with "t".)
    • Enter only an asterisk (*). This option will return all the roles under the selected domain.
  9. Click Search.
  10. Select the appropriate user roles.
  11. Click Finish.
    A new user account will be created with the default/specified roles, while the username is displayed in the u ser list.

Importing users

In addition to manually adding individual users, you can import multiple users in bulk if you have exported them to a comma-separated values (.csv) file or Microsoft Excel (.xls) file.

Info

This is only supported if you have configured your user store as JDBCUserStoreManager. See here for information on how to do this. 

  1. On the Users screen, click Bulk Import Users.
  2. Browse and select the file that contains the user data. 
  3. Specify a default password to assign to all the users you are importing and click Finish. This password is valid for only 24 hours, so you should inform your users that they must log in and change their password within 24 hours.

Searching for users

To search for users:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles. The User Management page appears.
  3. Click Users. The Users page appears.
  4. Select the user store domain.
  5. Enter a username pattern. Use one of the following approaches: 
    • Enter the exact username.
    • Enter part of the username followed by or preceded by an asterisk (*) (for example, ad* - this option will return all the users that have usernames starting with "ad".)
    • Enter only an asterisk (*). This option will return all the users under the selected domain.
  6. Click Search.
    Image Removed

Editing users

User roles can be edited by either changing the user's password or by assigning more user roles.

To edit a user:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles. The User Management page appears.
  3. Click Users. The Users page appears.

  4. Search for the user.
  5. To edit add more user roles:
    1. Click the corresponding Assign Roles link.
    2. Enter a role name pattern. Use one of the following approaches:  
      • Enter the exact role name.
      • Enter part of the role name followed by or preceded by an asterisk (*) (for example, t* - this option will return all the roles that have role names starting with "t".)
      • Enter only an asterisk (*). This option will return all the roles under the selected domain.
    3. Click Search.
    4. If you wish to edit the permissions of a selected role:
      • Click the respective Permissions  link.
      • Select/De-select on the permissions that you wish to add/remove.
      • Click Update.  
    5. Select the respective roles that you wish to assign to the user.
    6. Click Update. Click OK, when a confirmation message appears.
    7. Click Finish. Click  OK, when a confirmation message appears.
  6. To edit a user's password:

    Info

    You cannot change the username of an existing user.

    1. Click Change Password, respective to the selected user.
    2. Enter the new password and click Change.
    3. If the password change is successful, a message appears. Click OK.

Deleting a user

To delete a user:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles. The User Management page appears.
  3. Click Users. The Users page appears.
  4. Search for the user.
  5. Click the Delete link respective to the user you wish to delete.

  6. Click Yes, when the confirmation request appears. 

    Info

    You can not undo this operation once performed.

Changing my password

To change the current user's password:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles. The User Management page appears.
  3. Click Change My Password. The Change Password page appears.

  4. Enter the current password and the new password and click Change.

    Info

    If the user has forgotten his/her current password, they need to contact the administrator and get their password reset.

  5. Click OK, when the confirmation message appears.

Managing Roles

This following topics explain how user roles can be added and managed using the management console of your product.

Adding a user role

To add a user role:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Click Add New Role.
  5. Select the domain. By default, PRIMARY will appear to indicate the primary user store; however, if secondary user stores have been added they will be listed in the Domain drop-down list.
  6. Enter the name for the role.
  7. Click Next and proceed to the next step. You can also click Finish, in which case, the new roles will be created with default permissions (none) and no assigned users.
  8. Select permissions for the new role. 
  9. Click Next.
  10. Enter a username pattern. Use one of the following approaches: 
    • Enter the exact username.
    • Enter part of the username followed by or preceded by an asterisk (*) (for example, ad* - this option will return all the users that have usernames starting with "ad".)
    • Enter only an asterisk (*). This option will return all the users under the selected domain.
  11. Select the users that will be assigned to the role. 
  12. Click Finish.
    The new role is added to the list on the Roles page.
Info

When adding roles to external user stores

  • Some external user stores do not allow you to create empty roles. In that case, selecting users who belong to a role is mandatory.
  • If you connect to an external user store (e.g., LDAP) in the read only mode, you can read existing roles from it, but you can not edit/delete the roles. In this case, you can still create new roles that are editable and can be managed internally.
  • If you connect to an external user store in read/write mode, you can edit the roles in the external user store as well.

Creating an internal role

To create an internal role:
 
  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Click Add New Internal Role.
  5. Enter a name for the role.
  6. Click Next to proceed to the next step. You can also click Finish, in which case, the new roles will be created with default permissions (none) and no assigned users.
  7. Select the respective permissions that need to be assigned to the role and click  Next.
  8. Enter a username pattern and click Search.
    • Enter the exact username.
    • Enter part of the username followed by or preceded by an asterisk (*) (for example, ad* - this option will return all the users that have usernames starting with "ad".)
    • Enter only an asterisk *. This option will return all the users that have not been assigned to this role.
  9. Select the respective users that need to be assigned to this role.
    You can also click Finish. In this case, the new roles will be created with no assigned users.
  10. Click Finish.

Searching for roles

To search for roles:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Select the user store domain.
  5. Enter a role name pattern. Use one of the following approaches:  
    • Enter the exact role name.
    • Enter part of the role name followed by or preceded by an asterisk (*) (for example, t* - this option will return all the roles that have role names starting with "t".)
    • Enter only an asterisk *. This option will return all the roles under the selected domain.
  6. Click Search.
    Image Removed

Editing a user role

To edit a user role:

  1. Log in to the product management console.
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Search for the role.
  5. To Rename the role:
    • Click Rename.
    • Enter the new name of the role.
    • Click Finish.
  6. To edit the permissions of the role:
    • Click the respective  Permissions link.
    • Select/De-select on the permissions that you wish to add/remove.
    • Click Update.
    • A confirmation message appears. Click OK.
  7. To assign users to the role:
    • Click the respective  Assign Users link.
    • Select on the users that you wish to assign to this role.
    • Click Update.
    • A confirmation message appears. Click OK.
    • Click Finish.

Deleting a user role

To delete a user role:

...

 directory. The following documentation explains how users, roles and permissions can be managed using the management console of WSO2 products.

Include Page
Shared:Managing Users, Roles and Permissions (V3)
Shared:Managing Users, Roles and Permissions (V3)
Child pages (Children Display)