Managing Role Permissions
The Permissions panel shows the defined role permissions, and allows to add new role permissions and edit existing ones.
Adding new role permissions
1. In the New Role Permission panel, select a role to set a permission.
Note
The wso2.anonymous.role
is a special role that represents a user that has not logged into the WSO2 Governance Registry Management Console. Granting Read access to resources for this role would mean that you do not require authentication to access resources using the respective Permalinks. The everyone
role is a special role that represents a user that has logged into the WSO2 Governance Registry Management Console. Granting Read access to a resource would mean that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser can read the respective resource. Granting Write or Delete access to a resource would mean that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser can make changes to the respective resource.
2. Select an action from the drop-down menu. The following actions are available:
- Read
- Write
- Delete
- Authorize
Note
Authorize is a special permission that gives a role the ability to grant and revoke permissions.
3. Select whether to allow or deny the action for the selected role.
Note
Denied permissions have higher priority over allowed permissions. Essentially, this means that a denied permission always overrides an allowed permission assigned to a role. Denied permissions must be set at the collection level. For example, if you want to deny the write/delete action on a given policy file, you should set the permission for Write/Delete to Deny for the role at the /trunk/policies
level. If you set the permission to Deny beyond the collection level (e.g.: / or /_system…etc), it will not be applied to the user role.
4. Click Add Permission.
5. The new permission appears in the Defined Role Permissions list.
Editing role permissions
1. Existing permissions can be changed by selecting and clearing the check boxes for the required permissions in the Defined Role Permissions list.
2. After editing the permissions, click Apply All Permissions to save the alterations.