Roles contain permissions for users to manage the Server. You can create different roles with various combinations of permissions and assign them to a user or a group of users. Through the management console, you can also edit and delete an existing user role.
Adding a User Role
Follow the instructions below to add a user role.
1. Log on to the product's Management Console and select "Users and Roles" under the "Configure" menu.
2. In the "User Management" window which appears, click the "Roles" link.
3. In the "Roles" window, click on the "Add New Role" link.
4. Enter the name for the role and click "Next". You can also click "Finish", in which case the new role will be created with default permissions (none) and no assigned users.
5. If you proceed, you will be asked to select permissions for the new role. Click "Next" once done.
6. Select the users that will be assigned to the role. You can conduct a search by name, or view all users by entering "*" into the search field.
Click the "Finish" button once the users are selected.
7. The new role is added to the list.
When Adding Roles to External User Stores
- Some external user stores do not allow you to create empty roles. In that case, selecting users who belong to a role is mandatory.
- If you connect to an external user store in read-only mode, you can read existing roles from it but you cannot edit or delete them. In this case, you can still create new roles, which are editable and can be managed internally.
- If you connect to an external user store in read/write mode, you can edit the roles in the external user store as well.
Editing a User Role
1. Log on to the product's Management Console and select "Users and Roles" under the "Configure" menu.
2. In the "User Management" window which appears, click on the "Users" link.
3. From the list of users, find the user whose role you want to change and click the "Roles" link associated with it.
4. The window that opens contains information about the roles assigned to that user. Select the role you want to assign using the check boxes and click "Update".
5. The user role will be changed. The program goes back to the user menu.
Deleting a User Role
Follow the instructions below to delete a user role.
1. Log on to the product's Management Console and select "Users and Roles" under the "Configure" menu.
2. In the "User Management" window which appears, click the "Roles" link.
3. Click the "Delete" link associated with the role you want to delete.
4. Accept the confirmation request.
Importing users
In addition to creating users manually, user information stored in a CSV or Excel file can be imported in bulk to a user store configured in your WSO2 product. This option is available only if you have a JDBC user store configured for your product.
Note the following before you use this feature:
- It is recommended to upload a maximum of 500,000 users at a time. If you need to upload more users, you can upload them in separate batches of 500,000 each.
You can also specify the size of the file that you can upload to the product in the <PRODUCT_HOME>/repository/conf/carbon.xml file using the TotalFileSizeLimit element as shown below. This value is in MB.
<TotalFileSizeLimit>100</TotalFileSizeLimit>
Creating a file with users
You must first create a CSV file or an Excel file with the user information. It is possible to import the username and password directly from the CSV/Excel file to the product. Other user attributes can be imported only if claim URLs are defined for such attributes in the product. For example, consider that you have claim URLs defined for your product as shown below. These will allow you to import the user's email address, full name, last name, given name and role in addition to the username and password.
The username, password and other attributes (claim URLs) that you import should be given in a CSV file as shown below. Note that the first line of the file will not be imported, since it is not a username.
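A pre-import check for the bulk-import CSV described above, added here as an example (it is not WSO2 code): it tests the file against the 500,000-user batch recommendation and the TotalFileSizeLimit value, and flags rows with a missing username or password or a repeated username. The column order (username first, password second), the 1 MB = 1024 * 1024 bytes conversion, the function names and the sample data are assumptions; Excel files are not handled.

```python
import csv
import io
import xml.etree.ElementTree as ET

MAX_USERS_PER_BATCH = 500_000  # recommended maximum per upload (from the page)

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_CARBON_XML = "<Server><TotalFileSizeLimit>100</TotalFileSizeLimit></Server>"
SAMPLE_CSV = "username,password\nalice,Xk3!pq7w\nbob,\nalice,Zz9#rt2m\n"


def size_limit_mb(carbon_xml_text):
    """Return the TotalFileSizeLimit value (in MB) from carbon.xml text, or None."""
    for element in ET.fromstring(carbon_xml_text).iter():
        # Compare the local name so a namespaced carbon.xml also matches.
        if element.tag.rsplit("}", 1)[-1] == "TotalFileSizeLimit":
            return int(element.text.strip())
    return None


def check_import_file(csv_text, limit_mb, max_users=MAX_USERS_PER_BATCH):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    size = len(csv_text.encode("utf-8"))
    if size > limit_mb * 1024 * 1024:  # assumption: 1 MB = 1024 * 1024 bytes
        problems.append(f"file is {size} bytes, over the {limit_mb} MB limit")
    rows = list(csv.reader(io.StringIO(csv_text)))
    users = rows[1:]  # the first line of the file is not imported
    if len(users) > max_users:
        problems.append(f"{len(users)} users exceed the batch maximum of {max_users}")
    seen = set()
    for line_no, row in enumerate(users, start=2):
        # Assumption: column 1 is the username, column 2 the password.
        if len(row) < 2 or not row[0].strip() or not row[1].strip():
            problems.append(f"line {line_no}: missing username or password")
            continue
        name = row[0].strip()
        if name in seen:
            problems.append(f"line {line_no}: duplicate username {name!r}")
        seen.add(name)
    return problems


if __name__ == "__main__":
    for problem in check_import_file(SAMPLE_CSV, size_limit_mb(SAMPLE_CARBON_XML)):
        print(problem)
```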
Importing users from the CSV/Excel file
To import users in bulk:
- Log in to the management console of your WSO2 product.
- Click Add under Users and Roles in the Configure menu.
- In the Add Users and Roles screen, click Bulk Import Users.
- The user stores configured for your product will be listed in the Domain field. Select the user store to which you want to import the users from the list.
- Click Choose File to give the path to the CSV/Excel file that contains the users that you want to import.
- Click Finish to start importing.
The default password of the imported users is valid only for 24 hours. As the system administrator, you can resolve issues of expired passwords by logging in as the Admin and changing the user's password from the User Management -> Users page. The 'Everyone' role will be assigned to the users by default.