
Users and Roles

WSO2 Gadget Server allows managing users and their roles. A user is associated with one or more roles (generally specified at user creation time) and each role is associated with zero or more permissions (generally specified at role creation time). Therefore, the set of permissions owned by a user is determined by the roles assigned to that user. If a user has several assigned roles, their permissions are added together.

By default, Gadget Server comes with the following roles:

  • Admin - Provides full access to all the features and controls in the Gadget Server. By default, the user "admin" is assigned both the "Admin" and the "Everyone" roles.
  • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
  • System - This role is not visible in the management console.

Note

The Gadget Server UI does not allow the "Admin" user to be removed from the "Admin" role.

Server Roles

A "ServerRole" is a parameter set in <GS_HOME>/repository/conf/carbon.xml for WSO2 Carbon-based products. Each product has a different default value under "ServerRoles". The default server role for WSO2 Gadget Server is "GadgetServer", as set in carbon.xml:

<ServerRoles>
    <Role>GadgetServer</Role>
</ServerRoles>

Permissions

The permission model of WSO2 Gadget Server is hierarchical. The full permission tree looks as follows:

Permissions can be assigned to a role in a fine-grained or a coarse-grained manner. You can either select a whole class of permissions by checking the corresponding box, or expand that class and select one or several items.
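The model described above (a user's permissions are the sum of the permissions of all assigned roles, and a role can hold either a whole class of the tree or single items) can be sketched as follows. This is an added example, not WSO2 code: the permission paths and the GadgetEditor, GadgetAdder and Auditor roles are constructed for illustration, and it assumes that selecting a class covers every item beneath it.

```python
# Constructed data for illustration; not the real Gadget Server permission tree.
ROLE_GRANTS = {
    "Admin": {"/permission"},                    # coarse-grained: the whole tree
    "Everyone": set(),                           # default role, no permissions
    "GadgetEditor": {"/permission/gadgets"},     # hypothetical: one whole class
    "GadgetAdder": {"/permission/gadgets/add"},  # hypothetical: a single item
    "Auditor": {"/permission/users/view"},       # hypothetical: a single item
}
USER_ROLES = {
    "admin": ["Admin", "Everyone"],
    "alice": ["Everyone", "GadgetEditor", "GadgetAdder", "Auditor"],
    "bob": ["Everyone"],
}

def covers(grant, path):
    """Assumption: a grant on a node covers that node and its whole subtree."""
    grant = grant.rstrip("/")
    # Match on whole path segments so /permission/gadgets does not cover
    # a sibling such as /permission/gadgets-admin.
    return path == grant or path.startswith(grant + "/")

def effective_grants(user):
    """Union of all role grants, minus grants implied by a broader one."""
    grants = set()
    for role in USER_ROLES.get(user, []):
        grants |= ROLE_GRANTS.get(role, set())
    return {g for g in grants
            if not any(o != g and covers(o, g) for o in grants)}

def is_allowed(user, path):
    return any(covers(g, path) for g in effective_grants(user))

def users_with_full_access(root="/permission"):
    """Audit check: every user whose roles add up to the whole tree."""
    return sorted(u for u in USER_ROLES if is_allowed(u, root))

if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(effective_grants(user)))
    print("full access:", users_with_full_access())
```

Running the audit helper against an export of real role assignments shows which accounts end up with the whole tree once their roles are combined.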

"Read/Write" and "Read Only" Modes

The User Management of WSO2 Carbon facilitates the management and control of user accounts and roles at different levels.

The User Store of Carbon products can be configured to operate in one of the following modes, which determines the functionality available.

Modes of operation:

  • Read/write - This mode allows the user to modify the User Store.
  • Read only - This mode prevents the user from changing any data in the User Store.

If the User Store is operating in "Read/Write" mode, the user can:

  • Add, modify or remove user accounts
  • Reset user passwords
  • Manage user roles
  • Connect to different User Stores

If the User Store is operating in "Read Only" mode, the user can:

  • View user accounts

Note

WSO2 Carbon maintains roles and permissions in the Carbon database, but it can read users/roles from the configured User Store.

Also refer to Managing Role Permissions in the "Registry" section.