Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning
titleUnder Construction

This page is currently under construction. Page content might not be entirely accurate.

WSO2 Identity Server supports the role-based authentication model where privileges of a user are based on the role roles attached.

A user is associated with one or more roles (generally specified upon user creation), and each role is associated with zero or more permissions (also generally specified upon user role creation). Therefore, the set of permissions owned by a user is determined by the roles assigned to that user. If a user has several assigned roles, their permissions are added together.

...

titleRelated topics

For detailed information on configuring users, roles, and permissions, see the following topics.

...

Info
titleBefore you begin

The following items are things to note before you begin.

By default, Identity Server comes with the following roles:

    • Admin - Provides full access to all features and controls. By default, the user "Admin" is assigned to both the "Admin" and the "Everyone" roles. The Identity Server does not allow you to configure permissions assigned to the "Admin" role.

    • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
    • System - This role is not visible in the Management Console.

    Only system administrators can add, modify and remove users and roles. To set up administrators, see Configuring the System Administrator

  • Your product has a primary user store where the users/roles that you create using the management console are stored by default. It's default RegEx configurations are as follows. RegEx configurations ensure that parameters like the length of a user name/password meet the requirements of the user store.

    Code Block
    PasswordJavaRegEx-------- ^[\S]{5,30}$
    PasswordJavaScriptRegEx-- ^[\S]{5,30}$
    UsernameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
    UsernameJavaScriptRegEx-- ^[\S]{3,30}$
    RolenameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
    RolenameJavaScriptRegEx-- ^[\S]{3,30}$

    When creating users/roles, if you enter a username, password etc. that does not conform to the RegEx configurations, the system throws an exception. You can either change the RegEx configuration or enter values that conform to the RegEx. If you change the default user store or set up a secondary user store, configure the RegEx accordingly under the user store manager configurations in <IS_HOME>/repository/conf/user-mgt.xml file.

  • The permission model of WSO2 Identity Server is hierarchical. Permissions can be assigned to a role in a fine-grained or a coarse-grained manner.

    Info

    WSO2 Carbon maintains roles and permissions in the Carbon database, but it can also read users/roles from the configured User Store.

Panel
titleRelated topics

For detailed information on configuring users, roles, and permissions, see the following topics.

Child pages (Children Display)

You can also see the following pages for system administrator related configurations:

Excerpt
hiddentrue

Description of users, roles, and permissions in WSO2 Identity Server.