This documentation is for WSO2 Enterprise Store version 1.0.0. View documentation for the latest release.

Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Current »

A user role is a consolidation of several permissions. A permission is a 'delegation of authority' or a 'right' assigned to a user or a group of users to perform an action on a system. Permissions can be granted to or revoked from a user/user group/user role automatically or by a system administrator. For example, if a user has the permission to log in to a systems, then the permission to log out is automatically implied without the need of granting it specifically.   Instead of associating permissions with a user, admins can associate permissions with a user role and assign the role to users. User roles can be reused throughout the system and prevents the overhead of granting multiple permissions to each and every user individually.

Default user roles

The following are the roles that are available by default in ES:

All ES specific roles are stored internally in the DB that is shipped with ES.

  • Internal/publisher - users in this role will be allowed to create new assets (i.e., an asset author would belong to this role).
  • Internal/reviewer - users in this role are considered as the store reviewers. Every asset needs to be reviewed by a user in this role, before the asset is published into the ES Front.
  • private_{username} - users’ private role. Every user in the ES are automatically associated with a role that is created by prefixing their username with private_ . This role is used to control per user permissions.
  • Internal/everyone - This is a system reserved role to create system operations. 

    If you wish to prevent external operations being carried out by the Internal/everyone role, ensure to revoke operations from the role.

Permissions associated with user roles

User roleAllows Actions
Internal/publisher
  • Login to ES.
  • Create assets.
  • Submit assets to be reviewed.
  • Publish approved assets.
  • Unpublish assets.
  • Deprecate published assets.
  • Retire deprecated assets.
  • Retire unpublished assets.
Internal/reviewer
  • Login to ES.
  • Approve or reject assets that are in the in-review state.
private_{username}By default, only the login permission is assigned to this role. However, if there are permissions that need to be allowed to specific users, they can be assigned using this role. Ensure to replace the {username} with that specific user's username.

The Add, Modify and Remove role options are only visible to administrators with privileges.

Adding a user role

To add a user role:

  1. Log in to the Enterprise Store management console using the following URL: https://localhost:9443/admin/carbon/
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Click Add New Role.
  5. Select the domain. By default, PRIMARY will appear to indicate the primary user store; however, if secondary user stores have been added they will be listed in the Domain drop-down list.
  6. Enter the name for the role.
  7. Click Next and proceed to the next step. You can also click Finish, in which case, the new roles will be created with default permissions (none) and no assigned users.
  8. Select permissions for the new role. 
  9. Click Next.
  10. Enter a username pattern. Use one of the following approaches: 
    • Enter the exact username.
    • Enter part of the username followed by or preceded by an asterisk (*) (for example, ad* - this option will return all the users that have usernames starting with "ad").
    • Enter only an asterisk (*). This option will return all the users under the selected domain.
  11. Select the users that will be assigned to the role. 
  12. Click Finish.
    The new role is added to the list on the Roles page.

When adding roles to external user stores

  • Some external user stores do not allow you to create empty roles. In that case, selecting users who belong to a role is mandatory.
  • If you connect to an external user store (e.g., LDAP) in the read only mode, you can read existing roles from it, but you can not edit/delete the roles. In this case, you can still create new roles that are editable and can be managed internally.
  • If you connect to an external user store in read/write mode, you can edit the roles in the external user store as well.

Creating an internal role

To create an internal role:
  1. Log in to the Enterprise Store management console using the following URL:  https://localhost:9443/admin/carbon/
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Click Add New Internal Role.
  5. Enter a name for the role.
  6. Click Next to proceed to the next step. You can also click Finish, in which case, the new roles will be created with default permissions (none) and no assigned users.
  7. Select the respective permissions that need to be assigned to the role and click Next .
  8. Enter a username pattern and click Search.
    • Enter the exact username.
    • Enter part of the username followed by or preceded by an asterisk (*) (for example, ad* - this option will return all the users that have usernames starting with "ad".)
    • Enter only an asterisk *. This option will return all the users that have not been assigned to this role.
  9. Select the respective users that need to be assigned to this role.
    You can also click Finish. In this case, the new roles will be created with no assigned users.
  10. Click Finish.

Searching for roles

To search for roles:

  1. Log in to the Enterprise Store management console using the following URL: https://localhost:9443/admin/carbon/
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Select the user store domain.
  5. Enter a role name pattern. Use one of the following approaches:  
    • Enter the exact role name.
    • Enter part of the role name followed by or preceded by an asterisk (*) (for example, t* - this option will return all the roles that have role names starting with "t".)
    • Enter only an asterisk *. This option will return all the roles under the selected domain.
  6. Click Search.

Editing a user role

To edit a user role:

  1. Log in to the Enterprise Store management console using the following URL: https://localhost:9443/admin/carbon/
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Search for the role.
  5. To Rename the role:
    • Click Rename.
    • Enter the new name of the role.
    • Click Finish.
  6. To edit the permissions of the role:
    • Click the respective  Permissions  link.
    • Select/De-select on the permissions that you wish to add/remove.
    • Click Update.
    • A confirmation message appears. Click OK.
  7. To assign users to the role:
    • Click the respective  Assign Users  link.
    • Select on the users that you wish to assign to this role.
    • Click Update.
    • A confirmation message appears. Click OK.
    • Click Finish.

Deleting a user role

To delete a user role:

  1. Log in to the Enterprise Store management console using the following URL: https://localhost:9443/admin/carbon/
  2. On the Configure menu, click Users and Roles.
  3. Click Roles. The Roles page appears.
  4. Search for the role.
  5. Click the corresponding  Delete link.
  6. Click Yes to accept the confirmation request.

  • No labels