...
WSO2 supports the role-based authentication model, where the privileges of a user are based on the role the user is attached to. By default, WSO2 products come with the following roles:
...
The role is created and is listed on the Roles page. You can now edit the role as needed.
Info: When adding roles to external user stores, note the following:
Searching for user roles
You can search for an existing user role using the search facility on the Roles screen as follows:
- Select the domain (unique identifier) of the user store where you want to search for the role. By default, there are three options:
  - PRIMARY: Searches within the primary user store.
  - ALL-USER-STORE-DOMAINS: Searches within all user stores configured in the system.
  - Internal: Searches in the database where internal/system-reserved user roles such as Internal/everyone are stored.
- Enter the role name pattern. For example, if you enter "ab*", it returns all roles that have names starting with "ab".
- Click Search to see the results.
Editing or deleting a role
If you need to make modifications to a role, select the domain (user store) where the role resides, and then use the links in the Actions column on the Roles screen as follows:
...
If you need to make modifications to the role names, you need to do one of the following:
...
Update after the product is used for some time
...
You
...
do not have to do this when updating before the first startup.
...
The following steps guide you through updating the role names:
- Make the configuration changes indicated in the above section.
- You need to do the following user store level changes for existing users if you have changed the role names as mentioned earlier.
  - If you are connected to JDBCUserStoreManager, you need to update the UM_USER_ROLE table with the existing users after changing the 'admin' and 'everyone' role names. Also, if you have changed the permission of the 'everyone' role, the UM_ROLE_PERMISSION table has to be updated with the permissions to the new role.
    Info: The schema can be located by referring to the data source defined in the user-mgt.xml file. The data source definition can be found under repository/conf/datasources/master-datasources.xml.
  - If you are connected to ReadWriteLdapUserStoreManager, you need to populate the members of the previous admin role to the new role under the Groups.
- After the changes restart the server.
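A hand-edited UM_USER_ROLE or UM_ROLE_PERMISSION table can silently drop or widen privileges, so it is worth diffing role membership and permissions before and after the change. The following is an added example, not WSO2 code: it uses a simplified stand-in schema whose column names are assumptions, and the 'sysadmin' role name and all ids are constructed sample data.

```python
import sqlite3

# Simplified stand-in schema (assumption): verify table and column names
# against the schema behind the data source referenced in user-mgt.xml.
SCHEMA = """
CREATE TABLE UM_ROLE (UM_ID INTEGER PRIMARY KEY, UM_ROLE_NAME TEXT);
CREATE TABLE UM_USER_ROLE (UM_ROLE_ID INTEGER, UM_USER_ID INTEGER);
CREATE TABLE UM_ROLE_PERMISSION (UM_PERMISSION_ID INTEGER, UM_ROLE_NAME TEXT);
"""

def snapshot(db, role):
    """Return (member user ids, permission ids) currently tied to a role name."""
    users = db.execute(
        "SELECT ur.UM_USER_ID FROM UM_USER_ROLE ur JOIN UM_ROLE r "
        "ON r.UM_ID = ur.UM_ROLE_ID WHERE r.UM_ROLE_NAME = ?", (role,))
    perms = db.execute(
        "SELECT UM_PERMISSION_ID FROM UM_ROLE_PERMISSION WHERE UM_ROLE_NAME = ?",
        (role,))
    return {u for (u,) in users}, {p for (p,) in perms}

def audit_rename(db, before, old, new):
    """Diff a pre-change snapshot of `old` against the tables after the rename."""
    users_before, perms_before = before
    users_new, perms_new = snapshot(db, new)
    users_old, perms_old = snapshot(db, old)
    return {
        "lost_users": sorted(users_before - users_new),    # privilege dropped
        "extra_users": sorted(users_new - users_before),   # privilege gained
        "stale_users": sorted(users_old),                  # still on old name
        "lost_permissions": sorted(perms_before - perms_new),
        "extra_permissions": sorted(perms_new - perms_before),
        "stale_permissions": sorted(perms_old),
    }

def demo():
    """Constructed data: 'admin' renamed to 'sysadmin' with an incomplete update."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO UM_ROLE VALUES (1, 'admin')")
    db.executemany("INSERT INTO UM_USER_ROLE VALUES (1, ?)", [(10,), (11,)])
    db.executemany("INSERT INTO UM_ROLE_PERMISSION VALUES (?, 'admin')", [(100,), (101,)])
    before = snapshot(db, "admin")
    # Partial manual migration: user 11 and permission 101 forgotten, user 12 added.
    db.execute("INSERT INTO UM_ROLE VALUES (2, 'sysadmin')")
    db.executemany("INSERT INTO UM_USER_ROLE VALUES (2, ?)", [(10,), (12,)])
    db.execute("INSERT INTO UM_ROLE_PERMISSION VALUES (100, 'sysadmin')")
    return audit_rename(db, before, "admin", "sysadmin")

if __name__ == "__main__":
    print(demo())
```

Take the snapshot before making any change; a clean rename leaves every list in the result empty.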
...