This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

API Permissions

The following table lists out all the available APIs and their operations and specifies the permissions of each operation. 

ServiceOperationPermission Level
IdentityProviderMgtServiceaddIdP/permission/admin/manage

deleteIdP/permission/admin/manage

getAllFederatedAuthenticators/permission/admin/manage

getAllIdPs/permission/admin/login

getAllLocalClaimUris/permission/admin/manage

getAllProvisioningConnectors/permission/admin/manage

getEnabledAllIdPs/permission/admin/manage

getIdPByName/permission/admin/manage

getResidentIdP/permission/admin/manage

updateIdP/permission/admin/manage

updateResidentIdP/permission/admin/manage



IdentityApplicationManagementServicecreateApplication/permission/admin/manage

deleteApplication/permission/admin/manage

getAllApplicationBasicInfo/permission/admin/manage

getAllIdentityProviders/permission/admin/manage

getAllLocalAuthenticators/permission/admin/manage

getAllLocalClaimUris/permission/admin/manage

getAllRequestPathAuthenticators/permission/admin/manage

getApplication/permission/admin/manage

getIdentityProvider/permission/admin/manage

updateApplication/permission/admin/manage



TenantMgtAdminServiceactivateTenant/permission/protected/manage/modify/tenants

addSkeletonTenant/permission/protected/manage/monitor/tenants

addTenant/permission/protected/manage/monitor/tenants

deactivateTenant/permission/protected/manage/modify/tenants

deleteTenant/permission/protected/manage/modify/tenants

getTenant/permission/protected/manage/monitor/tenants

retrievePaginatedPartialSearchTenants/permission/protected/manage/monitor/tenants

retrievePaginatedTenants/permission/protected/manage/monitor/tenants

retrievePartialSearchTenants/permission/protected/manage/monitor/tenants

retrieveTenants/permission/protected/manage/monitor/tenants

updateTenant/permission/protected/manage/modify/tenants



UserStoreConfigAdminServiceaddUserStore/permission/admin/manage/identity/userstore/config/create

changeUserStoreState/permission/admin/manage/identity/userstore/config/update

deleteUserStore/permission/admin/manage/identity/userstore/config/delete

deleteUserStoresSet/permission/admin/manage/identity/userstore/config/delete

editUserStore/permission/admin/manage/identity/userstore/config/update

editUserStoreWithDomainName/permission/admin/manage/identity/userstore/config/update

getAvailableUserStoreClasses/permission/admin/manage/identity/userstore/config/view

getSecondaryRealmConfigurations/permission/admin/manage/identity/userstore/config/view

getUserStoreManagerProperties/permission/admin/manage/identity/userstore/config/view

testRDBMSConnection/permission/admin/manage/identity/userstore/config/view



OAuthAdminServicegetAllOAuthApplicationData/permission/admin/manage/identity/applicationmgt/view

getAllowedGrantTypes/permission/admin/manage/identity/applicationmgt/view

getAppsAuthorizedByUser/permission/admin/login

getOAuthApplicationData/permission/admin/manage/identity/applicationmgt/view

getOAuthApplicationDataByAppName/permission/admin/manage/identity/applicationmgt/view

registerOAuthApplicationData/permission/admin/manage/identity/applicationmgt/create

registerOAuthConsumer/permission/admin/manage/identity/applicationmgt/create

removeOAuthApplicationData/permission/admin/manage/identity/applicationmgt/delete

revokeAuthzForAppsByResoureOwner/permission/admin/login

updateConsumerApplication/permission/admin/manage/identity/applicationmgt/update



OAuth2TokenValidationServicefindOAuthConsumerIfTokenIsValid/permission/admin/manage

validate/permission/admin/manage



ClaimManagementServiceaddNewClaimDialect/permission/admin/configure/security

addNewClaimMapping/permission/admin/configure/security

getClaimMappingByDialect/permission/admin/configure/security

getClaimMappings/permission/admin/configure/security

removeClaimDialect/permission/admin/configure/security

removeClaimMapping/permission/admin/configure/security

upateClaimMapping/permission/admin/configure/security



RemoteUserStoreManagerServiceaddRole/permission/admin/configure/security

addUser/permission/admin/configure/security

addUserClaimValue/permission/admin/configure/security

addUserClaimValues/permission/admin/configure/security

authenticate/permission/admin/configure/security

deleteRole/permission/admin/configure/security

deleteUser/permission/admin/configure/security

deleteUserClaimValue/permission/admin/configure/security

deleteUserClaimValues/permission/admin/configure/security

getAllProfileNames/permission/admin/configure/security

getHybridRoles/permission/admin/configure/security

getPasswordExpirationTime/permission/admin/configure/security

getProfileNames/permission/admin/configure/security

getProperties/permission/admin/configure/security

getRoleListOfUser/permission/admin/configure/security

getRoleNames/permission/admin/configure/security

getTenantId/permission/admin/configure/security

getTenantIdofUser/permission/admin/configure/security

getUserClaimValue/permission/admin/configure/security

getUserClaimValues/permission/admin/configure/security

getUserClaimValuesForClaims/permission/admin/configure/security

getUserId/permission/admin/configure/security

getUserList/permission/admin/configure/security

getUserListOfRole/permission/admin/configure/security

isExistingRole/permission/admin/configure/security

isExistingUser/permission/admin/configure/security

isReadOnly/permission/admin/configure/security

listUsers/permission/admin/configure/security

setUserClaimValue/permission/admin/configure/security

setUserClaimValues/permission/admin/configure/security

updateCredential/permission/admin/configure/security

updateCredentialByAdmin/permission/admin/configure/security

updateRoleListOfUser/permission/admin/configure/security

updateRoleName/permission/admin/configure/security

updateUserListOfRole/permission/admin/configure/security



RemoteAuthorizationManagerServiceauthorizeRole/permission/admin/configure/security

authorizeUser/permission/admin/configure/security

clearAllRoleAuthorization/permission/admin/configure/security

clearAllUserAuthorization/permission/admin/configure/security

clearResourceAuthorizations/permission/admin/configure/security

clearRoleActionOnAllResources/permission/admin/configure/security

clearRoleAuthorization/permission/admin/configure/security

clearUserAuthorization/permission/admin/configure/security

denyRole/permission/admin/configure/security

denyUser/permission/admin/configure/security

getAllowedRolesForResource/permission/admin/configure/security

getAllowedUIResourcesForUser/permission/admin/configure/security

getDeniedRolesForResource/permission/admin/configure/security

getExplicitlyAllowedUsersForResource/permission/admin/configure/security

getExplicitlyDeniedUsersForResource/permission/admin/configure/security

isRoleAuthorized/permission/admin/configure/security

isUserAuthorized/permission/admin/manage/identity

resetPermissionOnUpdateRole/permission/admin/configure/security



RemoteProfileConfigurationManagerServiceaddProfileConfig/permission/admin/configure/security

deleteProfileConfig/permission/admin/configure/security

getAllProfiles/permission/admin/configure/security

getProfileConfig/permission/admin/configure/security

updateProfileConfig/permission/admin/configure/security



RemoteClaimManagerServiceaddNewClaimMapping/permission/admin/configure/security

deleteClaimMapping/permission/admin/configure/security

getAllClaimMappings/permission/admin/configure/security

getAllClaimUris/permission/admin/configure/security

getAllRequiredClaimMappings/permission/admin/configure/security

getAllSupportClaimMappingsByDefault/permission/admin/configure/security

getAttributeName/permission/admin/configure/security

getAttributeNameFromDomain/permission/admin/configure/security

getClaim/permission/admin/configure/security

getClaimMapping/permission/admin/configure/security

updateClaimMapping/permission/admin/configure/security



RemoteUserRealmServicegetRealmConfiguration/permission/protected/tenant-admin



RemoteTenantManagerServiceactivateTenant/permission/protected/tenant-admin

addTenant/permission/protected/tenant-admin

deactivateTenant/permission/protected/tenant-admin

deleteTenant/permission/protected/tenant-admin

getAllTenants/permission/protected/tenant-admin

getDomain/permission/protected/tenant-admin

getSuperTenantDomain/permission/protected/tenant-admin

getTenant/permission/protected/tenant-admin

getTenantId/permission/protected/tenant-admin

isTenantActive/permission/protected/tenant-admin

updateTenant/permission/protected/tenant-admin



UserIdentityManagementAdminServicechangeUserPassword/permission/admin/login

deleteUser/permission/admin/login

getAllChallengeQuestions/permission/admin/login

getAllPromotedUserChallenge/permission/admin/login

getAllUserIdentityClaims/permission/admin/login

getChallengeQuestionsOfUser/permission/admin/login

isReadOnlyUserStore/permission/admin/login

lockUserAccount/permission/admin/login

resetUserPassword/permission/admin/login

setChallengeQuestions/permission/admin/login

setChallengeQuestionsOfUser/permission/admin/login

unlockUserAccount/permission/admin/login

updateUserIdentityClaims/permission/admin/login



AccountCredentialMgtConfigServicegetEmailConfig/permission/admin/login

saveEmailConfig/permission/admin/login



UserInformationRecoveryServiceconfirmUserSelfRegistration/permission/admin/login

getAllChallengeQuestions/permission/admin/login

getCaptcha/permission/admin/login

getUserChallengeQuestion/permission/admin/login

getUserChallengeQuestionIds/permission/admin/login

getUserIdentitySupportedClaims/permission/admin/login

registerUser/permission/admin/login

sendRecoveryNotification/permission/admin/login

updatePassword/permission/admin/login

verifyAccount/permission/admin/login

verifyConfirmationCode/permission/admin/login

verifyUser/permission/admin/login

verifyUserChallengeAnswer/permission/admin/login



EntitlementAdminServiceclearAllAttributeCaches/permission/admin/configure

clearAllResourceCaches/permission/admin/configure

clearAttributeFinderCache/permission/admin/configure

clearAttributeFinderCacheByAttributes/permission/admin/configure

clearCarbonAttributeCache/permission/admin/configure

clearCarbonResourceCache/permission/admin/configure

clearDecisionCache/permission/admin/configure

clearPolicyCache/permission/admin/configure

clearResourceFinderCache/permission/admin/configure

doTestRequest/permission/admin/configure

doTestRequestForGivenPolicies/permission/admin/configure

getGlobalPolicyAlgorithm/permission/admin/configure

getPDPData/permission/admin/configure

getPIPAttributeFinderData/permission/admin/configure

getPIPResourceFinderData/permission/admin/configure

getPolicyFinderData/permission/admin/configure

refreshAttributeFinder/permission/admin/configure

refreshPolicyFinders/permission/admin/configure

refreshResourceFinder/permission/admin/configure

setGlobalPolicyAlgorithm/permission/admin/configure



EntitlementPolicyAdminServiceaddPolicies/permission/admin/configure

addPolicy/permission/admin/configure

addSubscriber/permission/admin/configure

deleteSubscriber/permission/admin/configure

dePromotePolicy/permission/admin/configure

enableDisablePolicy/permission/admin/configure

getAllPolicies/permission/admin/configure

getAllPolicyIds/permission/admin/configure

getEntitlementData/permission/admin/configure

getEntitlementDataModules/permission/admin/configure

getLightPolicy/permission/admin/configure

getPolicy/permission/admin/configure

getPolicyByVersion/permission/admin/configure

getPolicyVersions/permission/admin/configure

getPublisherModuleData/permission/admin/configure

getStatusData/permission/admin/configure

getSubscriber/permission/admin/configure

getSubscriberIds/permission/admin/configure

importPolicyFromRegistry/permission/admin/configure

orderPolicy/permission/admin/configure

publish/permission/admin/configure

publishPolicies/permission/admin/configure

publishToPDP/permission/admin/configure

removePolicies/permission/admin/configure

removePolicy/permission/admin/configure

rollBackPolicy/permission/admin/configure

updatePolicy/permission/admin/configure

updateSubscriber/permission/admin/configure



EntitlementServicegetAllEntitlements/permission/admin/login

getBooleanDecision/permission/admin/login

getDecision/permission/admin/login

getDecisionByAttributes/permission/admin/login

getEntitledAttributes/permission/admin/login

XACMLAuthzDecisionQuery/permission/admin/login



ws-xacmlXACMLAuthzDecisionQuery/permission/admin/manage



UserProfileMgtServiceassociateID/permission/admin/login

deleteUserProfile/permission/admin/login

getAssociatedIDs/permission/admin/login

getInstance/permission/admin/login

getNameAssociatedWith/permission/admin/login

getProfileFieldsForInternalStore/permission/admin/login

getUserProfile/permission/admin/login

getUserProfiles/permission/admin/login

isAddProfileEnabled/permission/admin/login

isAddProfileEnabledForDomain/permission/admin/login

isReadOnlyUserStore/permission/admin/login

removeAssociateID/permission/admin/login

setUserProfile/permission/admin/login



UserAdminaddInternalRole/permission/admin/configure/security

addRemoveRolesOfUser/permission/admin/configure/security

addRemoveUsersOfRole/permission/admin/configure/security

addRole/permission/admin/configure/security

addUser/permission/admin/configure/security/usermgt/users

bulkImportUsers/permission/admin/configure/security

changePassword/permission/admin/configure/security/usermgt/passwords

changePasswordByUser/permission/admin/login

deleteRole/permission/admin/configure/security

deleteUser/permission/admin/configure/security/usermgt/users

getAllRolesNames/permission/admin/configure/security/rolemgt,/permission/admin/manage/modify/service

getAllSharedRoleNames/permission/admin/configure/security

getAllUIPermissions/permission/admin/configure/security

getRolePermissions/permission/admin/configure/security

getRolesOfCurrentUser/permission/admin/login

getRolesOfUser/permission/admin/configure/security

getUserRealmInfo/permission/admin/login

getUsersOfRole/permission/admin/configure/security/rolemgt

hasMultipleUserStores/permission/admin/login

isSharedRolesEnabled/permission/admin/configure/security

listAllUsers/permission/admin/configure/security/usermgt/users,/permission/admin/configure/security/usermgt/passwords,/permission/admin/configure/security/usermgt/profiles

listUserByClaim/permission/admin/configure/security

listUsers/permission/admin/configure/security/usermgt/users,/permission/admin/configure/security/usermgt/passwords,/permission/admin/configure/security/usermgt/profiles

setRoleUIPermission/permission/admin/configure/security

updateRoleName/permission/admin/configure/security

updateRolesOfUser/permission/admin/configure/security

updateUsersOfRole/permission/admin/configure/security



MultipleCredentialsUserAdminaddCredential/permission/admin/configure/security/usermgt/passwords

addUser/permission/admin/configure/security/usermgt/users

addUsers/permission/admin/configure/security/usermgt/users

addUserWithUserId/permission/admin/configure/security/usermgt

authenticate/permission/admin/configure/security/usermgt

deleteCredential/permission/admin/configure/security/usermgt/passwords

deleteUser/permission/admin/configure/security/usermgt/users

deleteUserClaimValue/permission/admin/configure/security/usermgt

deleteUserClaimValues/permission/admin/configure/security/usermgt

getAllUserClaimValues/permission/admin/login

getCredentials/permission/admin/configure/security/usermgt/passwords

getUserClaimValue/permission/admin/configure/security/usermgt

getUserClaimValues/permission/admin/configure/security/usermgt

getUserId/permission/admin/configure/security/usermgt

setUserClaimValue/permission/admin/configure/security/usermgt

setUserClaimValues/permission/admin/configure/security/usermgt

updateCredential/permission/admin/configure/security/usermgt/passwords



IdentityProviderAdminServiceaddOpenID/permission/admin/login

extractPrimaryUserName/permission/admin/login

getAllOpenIDs/permission/admin/login

getPrimaryOpenID/permission/admin/login

removeOpenID/permission/admin/login



XMPPConfigurationServiceaddUserXmppSettings/permission/admin/login

editXmppSettings/permission/admin/login

getUserIM/permission/admin/login

getXmppSettings/permission/admin/login

hasXMPPSettings/permission/admin/login

isXMPPSettingsEnabled/permission/admin/login



IdentitySAMLSSOConfigServiceaddRPServiceProvider/permission/admin/manage

getCertAliasOfPrimaryKeyStore/permission/admin/manage

getClaimURIs/permission/admin/manage

getServiceProviders/permission/admin/manage

removeServiceProvider/permission/admin/manage



IdentitySTSAdminServicereadCardIssuerConfiguration/permission/admin/manage

updateCardIssueConfiguration/permission/admin/manage



IWAAuthenticatorcanHandle/permission/admin/login

login/permission/admin/login



ProvisioningAdminServicegetAllInstalledFeatures/permission/protected/configure/components

getInstalledFeatureInfo/permission/protected/configure/components

getInstalledFeaturesWithProperty/permission/protected/configure/components

getLicensingInformation/permission/protected/configure/components

getProfileHistory/permission/protected/configure/components

performProvisioningAction/permission/protected/configure/components

removeAllConsoleFeatures/permission/protected/configure/components

removeAllServerFeatures/permission/protected/configure/components

reviewProvisioningAction/permission/protected/configure/components



ProfilesAdminServicegetUserProfile/permission/admin/manage/modify/user-profile

putUserProfile/permission/admin/manage/modify/user-profile



SecurityAdminServiceactivateUsernameTokenAuthentication/permission/admin/manage/modify/service

applyKerberosSecurityPolicy/permission/admin/manage/modify/service

applySecurity/permission/admin/manage/modify/service

disableSecurityOnService/permission/admin/manage/modify/service

getScenarios/permission/admin/manage/modify/service

getSecurityConfigData/permission/admin/manage/modify/service

getSecurityScenario/permission/admin/manage/modify/service



STSAdminServiceaddTrustedService/permission/admin/configure/security

getCertAliasOfPrimaryKeyStore/permission/admin/configure/security

getProofKeyType/permission/admin/configure/security

getTrustedServices/permission/admin/configure/security

removeTrustedService/permission/admin/configure/security

setProofKeyType/permission/admin/configure/security



KeyStoreAdminServiceaddKeyStore/permission/admin/configure/security

addTrustStore/permission/admin/configure/security

deleteStore/permission/admin/configure/security

getKeystoreInfo/permission/admin/configure/security

getKeyStores/permission/admin/configure/security,/permission/admin/manage/modify/service

getPaginatedKeystoreInfo/permission/admin/configure/security

getStoreEntries/permission/admin/configure/security

importCertToStore/permission/admin/configure/security

removeCertFromStore/permission/admin/configure/security



SCIMConfigAdminServiceaddGlobalProvider/permission/admin/configure/security

addUserProvider/permission/admin/configure/security/usermgt/provisioning

deleteGlobalProvider/permission/admin/configure/security

deleteUserProvider/permission/admin/configure/security/usermgt/provisioning

getAllGlobalProviders/permission/admin/configure/security

getAllUserProviders/permission/admin/configure/security/usermgt/provisioning

getGlobalProvider/permission/admin/configure/security

getUserProvider/permission/admin/configure/security/usermgt/provisioning

updateGlobalProvider/permission/admin/configure/security

updateUserProvider/permission/admin/configure/security/usermgt/provisioning



DirectoryServerManageraddServer/permission/admin/configure/security,/permission/admin/manage/modify/service

changePassword/permission/admin/configure/security,/permission/admin/manage/modify/service

getPasswordConformanceRegularExpression/permission/admin/configure/security,/permission/admin/manage/modify/service

getServiceNameConformanceRegularExpression/permission/admin/configure/security,/permission/admin/manage/modify/service

isExistingServicePrinciple/permission/admin/configure/security,/permission/admin/manage/modify/service

isKDCEnabled/permission/admin/configure/security,/permission/admin/manage/modify/service

listServicePrinciples/permission/admin/configure/security,/permission/admin/manage/modify/service

removeServer/permission/admin/configure/security,/permission/admin/manage/modify/service



LoggedUserInfoAdmingetUserInfo/permission/admin/login



LoggingAdmingetAllLoggerData/permission/protected/configure/logging

getAppenderData/permission/protected/configure/logging

getLoggerData/permission/protected/configure/logging

getSyslogData/permission/protected/configure/logging

getSystemLog/permission/protected/configure/logging

isStratosService/permission/protected/configure/logging

removeSyslogPattern/permission/protected/configure/logging

restoreDefaults/permission/protected/configure/logging

updateAllAppenderData/permission/protected/configure/logging

updateLoggerData/permission/protected/configure/logging

updateSyslogConfig/permission/protected/configure/logging

updateSystemLog/permission/protected/configure/logging



LoginStatisticsAdmingetLoginAttemptsNot available

getUserBasedLoginAttemptsNot available



WorkflowAdminServicegetWorkflow/permission/admin/manage/identity/workflow/definition/view

listWorkflowEvents/permission/admin/manage/identity/workflow/association/view

listTemplates/permission/admin/manage/identity/workflow/definition/view

getTemplate/permission/admin/manage/identity/workflow/definition/view

getWorkflowImpl/permission/admin/manage/identity/workflow/definition/view

listWorkflowImpls/permission/admin/manage/identity/workflow/definition/view

addWorkflow/permission/admin/manage/identity/workflow/definition/create

addAssociation/permission/admin/manage/identity/workflow/association/create

changeAssociationState/permission/admin/manage/identity/workflow/association/update

listWorkflows/permission/admin/manage/identity/workflow/definition/view

removeWorkflow/permission/admin/manage/identity/workflow/definition/delete

removeAssociation/permission/admin/manage/identity/workflow/association/delete

listAssociations/permission/admin/manage/identity/workflow/association/view

listAllAssociations/permission/admin/manage/identity/workflow/association/view

getEvent/permission/admin/manage/identity/workflow/association/view

getRequestsCreatedByUser/permission/admin/manage/identity/workflow/monitor/view

getRequestsInFilter/permission/admin/manage/identity/workflow/monitor/view

deleteWorkflowRequest/permission/admin/manage/identity/workflow/monitor/delete

getWorkflowsOfRequest/permission/admin/manage/identity/workflow/monitor/view



WorkflowImplAdminServiceaddBPSProfile/permission/admin/manage/identity/workflow/profile/create

listBPSProfiles/permission/admin/manage/identity/workflow/profile/view

getBPSProfile/permission/admin/manage/identity/workflow/profile/view

updateBPSProfile/permission/admin/manage/identity/workflow/profile/update

removeBPSProfile/permission/admin/manage/identity/workflow/profile/delete

removeBPSPackage/permission/admin/manage/identity/workflow/profile/delete