Managing Role Permissions

The wso2.anonymous.role is a special role that represents a user that has not logged into the WSO2 Governance Registry Management Console. Granting Read access to resources for this role would mean that you do not require authentication to access resources using the respective Permalinks. The everyone role is a special role that represents a user that has logged into the WSO2 Governance Registry Management Console. Granting Read access to a resource would mean that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser can read the respective resource. Granting Write or Delete access to a resource would mean that any user who has logged into the Management Console with sufficient permissions to access the Resource Browser  can make changes to the respective resource.

Authorize is a special permission that gives a role the ability to grant and revoke permissions.

Denied permissions have higher priority over allowed permissions. Essentially, this means that a denied permission always overrides an allowed permission assigned to a role. Denied permissions must be set at the collection level. For example, if you want to deny the write/delete action on a given policy file, you should set the permission for Write/Delete to Deny for the role at the /trunk/policies level. If you set the permission to Deny beyond the collection level (e.g.: / or /_system…etc), it will not be applied to the user role.