Roles contain permissions for users to manage the server. You can create different roles with various combinations of permissions and assign them to a user or a group of users. Through the Management Console, you can also edit and delete an existing user role.
WSO2 supports the role-based authentication model where privileges of a user are based on the role to which it is attached. By default, WSO2 products come with the following roles:
- Admin - Provides full access to all features and controls. By default, the admin user is assigned to both the Admin and the Everyone roles.
- Everyone - Every new user is assigned to this role by default. It does not include any permissions by default.
- System - This role is not visible in the Management Console.
If a user has several assigned roles, their permissions are added together.
Follow the instructions below to add a user role.
- On the Main tab in the management console, click Add under Users and Roles.
- Click Roles.
This link is only visible to users with Security level permissions role. By default, the admin user has this permission enabled. - Click Add New Role. The following screen will open:
- Do the following:
- In the Domain list, specify the user store where you want to create this role. This list includes the primary user store and any other secondary user stores that are configured for your product.
- Enter a unique name for this role.
- Click Next.
- Select the permissions that you want users with this role to have.
Note that when you assign this role to a user, you can override the role's permissions and customize them for the user. - Select the existing users to whom this role should be assigned. You can also assign this role to users later, but if you are creating this role in an external user store that does not allow empty roles, you must assign it to at least one user. You can search for a user by name, or view all users by entering
*in the search field. - Click Finish.
The role is created and is listed on the Roles page.