/
Permissions Required to Invoke Admin Services

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Permissions Required to Invoke Admin Services

Nov 15, 2017

The following table lists out the various operations that can be performed with different permission levels.

Permission level

Service

Operations

Permission level

Service

Operations

Tenant level permissions

/admin/manage/identity          



UserStoreConfigAdminService

  • addUserStore

  • changeUserStoreState

  • deleteUserStore

  • deleteUserStoresSet

  • editUserStore

  • editUserStoreWithDomainName

  • getAvailableUserStoreClasses

  • getSecondaryRealmConfigurations

  • getUserStoreManagerProperties

  • testRDBMSConnection

UserProfileMgtService





  • associateID

  • deleteUserProfile

  • getAssociatedIDs

  • getInstance

  • getNameAssociatedWith

  • getProfileFieldsForInternalStore

  • getUserProfile

  • getUserProfiles

  • isAddProfileEnabled

  • isAddProfileEnabledForDomain

  • isReadOnlyUserStore

  • removeAssociateID

  • setUserProfile

RemoteAuthorizationManagerService

  • authorizeRole

  • authorizeUser

  • clearAllRoleAuthorization

  • clearAllUserAuthorization

  • clearResourceAuthorizations

  • clearRoleActionOnAllResources

  • clearRoleAuthorization

  • clearUserAuthorization

  • denyRole

  • denyUser

  • getAllowedRolesForResource

  • getAllowedUIResourcesForUser

  • getDeniedRolesForResource

  • getExplicitlyAllowedUsersForResource

  • getExplicitlyDeniedUsersForResource

  • isRoleAuthorized

  • isUserAuthorized

  • resetPermissionOnUpdateRole

RemoteClaimManagerService

  • addNewClaimMapping

  • deleteClaimMapping

  • getAllClaimMappings

  • getAllClaimUris

  • getAllRequiredClaimMappings

  • getAllSupportClaimMappingsByDefault

  • getAttributeName

  • getAttributeNameFromDomain

  • getClaim

  • getClaimMapping

  • updateClaimMapping

RemoteProfileConfigurationManagerService

  • addProfileConfig

  • deleteProfileConfig

  • getAllProfiles

  • getProfileConfig

  • updateProfileConfig

RemoteUserStoreManagerService

  • addRole

  • addUser

  • addUserClaimValue

  • addUserClaimValues

  • authenticate

  • deleteRole

  • deleteUser

  • deleteUserClaimValue

  • deleteUserClaimValues

  • getAllProfileNames

  • getHybridRoles

  • getPasswordExpirationTime

  • getProfileNames

  • getProperties

  • getRoleListOfUser

  • getRoleNames

  • getTenantId

  • getTenantIdofUser

  • getUserClaimValue

  • getUserClaimValues

  • getUserClaimValuesForClaims

  • getUserId

  • getUserList

  • getUserListOfRole

  • isExistingRole

  • isExistingUser

  • isReadOnly

  • listUsers

  • setUserClaimValue

  • setUserClaimValues

  • updateCredential

  • updateCredentialByAdmin

  • updateRoleListOfUser

  • updateRoleName

  • updateUserListOfRole

SCIMConfigAdminService

  • addGlobalProvider

  • deleteGlobalProvider

  • getAllGlobalProviders

  • getGlobalProvider

  • updateGlobalProvider

 UserAdmin

  • addInternalRole

  • addRemoveRolesOfUser

  • addRemoveUsersOfRole

  • addRole

  • bulkImportUsers

  • deleteRole

  • getAllSharedRoleNames

  • getAllUIPermissions

  • getRolePermissions

  • getRolesOfUser

  • isSharedRolesEnabled

  • listUserByClaim

  • setRoleUIPermission

  • updateRoleName

  • updateRolesOfUser

  • updateUsersOfRole

  • getUsersOfRole

  • changePassword

  • addUser

  • deleteUser

  • changePasswordByUser

  • getRolesOfCurrentUser

  • getUserRealmInfo

  • getAllRolesNames

  • hasMultipleUserStores

  • listAllUsers

  • listUsers

MultipleCredentialsUserAdmin

  • addUserWithUserId

  • authenticate

  • deleteUserClaimValue

  • deleteUserClaimValues

  • getUserClaimValue

  • getUserClaimValues

  • getUserId

  • setUserClaimValue

  • setUserClaimValues

  • addCredential

  • deleteCredential

  • getCredentials

  • updateCredential

  • addUser

  • addUsers

  • deleteUser

  • getAllUserClaimValues

OAuthAdminService

  • getAppsAuthorizedByUser

  • revokeAuthzForAppsByResoureOwner

  • getAllOAuthApplicationData

  • getAllowedGrantTypes

  • getOAuthApplicationData

  • getOAuthApplicationDataByAppName

  • registerOAuthApplicationData

  • registerOAuthConsumer

  • removeOAuthApplicationData

  • updateConsumerApplication

  • getOAuthApplicationState

  • updateConsumerAppState

  • updateOauthSecretKey

  • isPKCESupportEnabled

  • updateApproveAlwaysForAppConsentByResourceOwner

EntitlementAdminService

  • clearAllAttributeCaches

  • clearAllResourceCaches

  • clearAttributeFinderCache

  • clearAttributeFinderCacheByAt tributes

  • clearCarbonAttributeCache

  • clearCarbonResourceCache

  • clearDecisionCache

  • clearPolicyCache

  • clearResourceFinderCache

  • doTestRequest

  • doTestRequestForGivenPolicies

  • getGlobalPolicyAlgorithm

  • getPDPData

  • getPIPAttributeFinderData

  • getPIPResourceFinderData

  • getPolicyFinderData

  • refreshAttributeFinder

  • refreshPolicyFinders

  • refreshResourceFinder

  • setGlobalPolicyAlgorithm

EntitlementPolicyAdminService

  • addPolicies

  • addPolicy

  • addSubscriber

  • deleteSubscriber

  • dePromotePolicy

  • enableDisablePolicy

  • getAllPolicies

  • getAllPolicyIds

  • getEntitlementData

  • getEntitlementDataModules

  • getLightPolicy

  • getPolicy

  • getPolicyByVersion

  • getPolicyVersions

  • getPublisherModuleData

  • getStatusData

  • getSubscriber

  • getSubscriberIds

  • importPolicyFromRegistry

  • orderPolicy

  • publish

  • publishPolicies

  • publishToPDP

  • removePolicies

  • removePolicy

  • rollBackPolicy

  • updatePolicy

  • updateSubscriber

ClaimManagementService



  • addNewClaimDialect

  • addNewClaimMapping

  • getClaimMappingByDialect

  • getClaimMappings

  • removeClaimDialect

  • removeClaimMapping

  • updateClaimMapping

IdentityApplicationManagementService

  • createApplication

  • deleteApplication

  • getAllApplicationBasicInfo

  • getAllIdentityProviders

  • getAllLocalAuthenticators

  • getAllLocalClaimUris

  • getAllRequestPathAuthenticators

  • getApplication

  • getIdentityProvider

  • updateApplication

IdentityProviderMgtService

  • addIdP

  • deleteIdP

  • getAllFederatedAuthenticators

  • getAllLocalClaimUris

  • getAllProvisioningConnectors

  • getEnabledAllIdPs

  • getIdPByName

  • getResidentIdP

  • updateIdP

  • updateResidentIdP

  • Generic-Operations

STSAdminService





  • addTrustedService

  • getCertAliasOfPrimaryKeyStore

  • getProofKeyType

  • getTrustedServices

  • removeTrustedService

  • setProofKeyType

KeyStoreAdminService

  • addKeyStore

  • addTrustStore

  • deleteStore

  • getKeyStores

  • getKeystoreInfo

  • getPaginatedKeystoreInfo

  • getStoreEntries

  • importCertToStore

  • removeCertFromStore

UserIdentityManagementAdminService





  • changeUserPassword

  • deleteUser

  • getAllChallengeQuestions

  • getAllPromotedUserChallenge

  • getAllUserIdentityClaims

  • getChallengeQuestionsOfUser

  • isReadOnlyUserStore

  • lockUserAccount

  • resetUserPassword

  • setChallengeQuestions

  • setChallengeQuestionsOfUser

  • unlockUserAccount

  • updateUserIdentityClaims

  • disableUserAccount

  • enableUserAccount

/admin/configure/security

ChallengeQuestionManagementAdminService

  • deleteChallengeQuestionsOfTenant

  • setUserChallengeAnswers

/admin/configure/security/usermgt/provisioning

SCIMConfigAdminService

  • addUserProvider

  • deleteUserProvider

  • getAllUserProviders

  • getUserProvider

  • updateUserProvider

/admin/login

AccountCredentialMgtConfigService

  • getEmailConfig

  • saveEmailConfig

ChallengeQuestionManagementAdminService

  • getChallengeQuestionsOfTenant

  • getChallengeQuestionsForUser

  • getChallengeQuestionsForLocale