This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Roles

Roles contain permissions for users to manage the server. You can create different roles with various combinations of permissions and assign them to a user or a group of users. Through the management console, you can also edit and delete an existing user role.

Adding a user role

Follow the instructions below to add a user role.

  1. On the Configure tab in the management console, click Users and Roles.
  2. Click Roles. This link is only visible to users with the Admin role.
  3. Click Add New Role.
  4. Do the following:
    1. In the Domain list, specify the user store where you want to create this role.
    2. Enter a unique name for this role.
    3. Click Next.
  5. Select the permissions you want users with this role to have. Note that when you assign this role to a user, you can override the role's permissions and customize them for the user. 
  6. Select the existing users you want to have this role. You can also assign this role to users later, but if you are creating this role in a primary user store that does not allow empty roles, you must assign it to at least one user. You can search for a user by name, or view all users by entering * in the search field.
  7. Click Finish.

The role is created and is listed on the Roles page. You can now edit the role as needed.

Editing or deleting a role

If you need to make modifications to a role, select the domain (user store) where the role resides, and then use the links in the Actions column on the Roles screen as follows:

  • Rename the role
  • Change the default permissions associated with this role
  • Assign this role to users
  • View the users who are assigned this role
  • Delete the role if you no longer need it

If the role is in a primary user store to which you are connected in read-only mode, you will be able to view the existing roles but not edit or delete them. However, you can still create new editable roles.

 

 

Â