This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Managing Role Permissions

The "Permissions" panel shows the defined role permissions and lets you add new role permissions and edit existing ones.

Adding New Role Permissions

1. In the "New Role Permission" panel, select a role to set a permission.

Note

The "wso2.anonymous.role" is a special role that represents a user who has not logged into the WSO2 Governance Registry Management Console. Granting "Read" access to resources for this role means that no authentication is required to access those resources using the respective Permalinks.

The "everyone" role is a special role that represents a user who has logged into the WSO2 Governance Registry Management Console. Granting "Read" access to a resource for this role means that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser can read the respective resource. Granting "Write" or "Delete" access to a resource means that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser can make changes to the respective resource.

2. Select an action from the drop-down menu. The following actions are available:

  • Read
  • Write
  • Delete
  • Authorize

Note

"Authorize" is a special permission that gives a role the ability to grant and revoke permissions.

3. Select whether to allow or deny the action for the selected role.

Note

"Deny" permissions have higher priority than "Allow" permissions. Essentially, this means that a "Deny" permission always overrides an "Allow" permission assigned to a role. A "Deny" permission must be given at the collection level. For example, if a user wants to "Deny" the write/delete action on a given policy file, the user should set the "Write/Delete" permission to "Deny" for their role at "/trunk/policies". If the user gives the "Deny" permission beyond the collection level (e.g., / or /_system...etc), it will not be applied to the user's role.

4. Click on the "Add Permission" button.

5. A new permission appears in the "Defined Role Permissions" list.
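
The rules in the notes above can be applied as a review check over a list of permissions. This is an added example, not code from WSO2 or from the original page; the row layout, the finding codes, the "dev" role and the "/trunk/wsdls" path are assumptions made for illustration.

```python
ANONYMOUS = "wso2.anonymous.role"  # user not logged in to the Management Console
EVERYONE = "everyone"              # any logged-in user
# Only the two paths the page names as beyond the collection level.
NOT_COLLECTION_LEVEL = {"/", "/_system"}

# Constructed sample rows (role, path, action, effect); the row layout is an
# assumption for this example, not a WSO2 export format.
SAMPLE = [
    (ANONYMOUS, "/trunk/policies", "Read", "Allow"),
    (EVERYONE, "/trunk/policies", "Write", "Allow"),
    (EVERYONE, "/trunk/policies", "Write", "Deny"),
    (EVERYONE, "/trunk/wsdls", "Delete", "Allow"),
    ("dev", "/trunk/policies", "Authorize", "Allow"),
    (EVERYONE, "/", "Delete", "Allow"),
    (EVERYONE, "/", "Delete", "Deny"),
]


def audit(rows):
    """Return sorted (code, role, path, action) findings for a permission list."""
    findings = set()
    effect_of = {}
    for role, path, action, effect in rows:
        key = (role, path, action)
        if effect == "Deny" and path in NOT_COLLECTION_LEVEL:
            # Per the note on "Deny", this entry is not applied, so it overrides nothing.
            findings.add(("DENY_NOT_APPLIED",) + key)
        elif effect == "Deny" or key not in effect_of:
            # Deny always overrides Allow for the same role, path and action.
            effect_of[key] = effect
    for key, effect in effect_of.items():
        role, path, action = key
        if effect != "Allow":
            continue
        if role == ANONYMOUS and action == "Read":
            findings.add(("ANON_READ",) + key)  # readable without authentication
        if role == EVERYONE and action in ("Write", "Delete"):
            # Any logged-in user with Resource Browser access can change it.
            findings.add(("EVERYONE_MODIFY",) + key)
        if action == "Authorize":
            findings.add(("CAN_GRANT_REVOKE",) + key)  # role can grant and revoke
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The "everyone" Write entry on "/trunk/policies" produces no finding because its "Deny" overrides the "Allow", while the "Deny" at "/" is reported as not applied and the matching "Allow" is still reported.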

Editing Role Permissions

1. Existing permissions can be changed by selecting and clearing the check boxes for required permissions in the "Defined Role Permissions" list.

2. After editing the permissions, click on the "Apply All Permissions" button to save the alterations.