Adding a Role and Permissions

Follow the instructions below to add a role:

1. Sign in to the WSO2 IoT Server console.

   If you want to try out WSO2 IoT Server as an admin, use admin as the username and the password.

2. You can navigate to the ADD ROLE page via the following methods: 
   1. Method 01: Click menu icon  > USER MANAGEMENT > ROLES > ADD ROLE button.
      
   2. Method 02: Click Add icon on the ROLES tile.
      
3. Provide the required details and click Add Role.
   • Domain: Provide the user store type from the list of items.

   • Role Name: Provide the role name. 

   • User List: Define the users belonging to the respective role. Type the first few characters of the username and WSO2 IoT Server will provide the list of users having the same characters. You can then select the user/s you wish to add.
   

4. Define the permissions that need to be associated with the role you created by selecting the permissions from the permission tree. As the permissions are categorized, when the main permission category is selected, all its sub-permissions will get selected automatically. 

   Make sure to select the Login permission. Without this permission, the users are unable to log in to WSO2 IoT Server.

   For more information on the APIs associated with the permissions, see Permission APIs.

   Permissions	Description
   Applications management	You can install applications on devices registered with WSO2 IoT Server via the App Store or you can install applications via the internal REST APIs that is available on WSO2 IoT Server. This permission ensures that a user is able to install and uninstall applications via the internal APIs that are available in WSO2 IoT Server. For more information on installing applications via the App Store, see Installing Mobile Apps.
   Certificate management	WSO2 IoT Server supports mutual SSL, where the client verifies that the server can be trusted and the server verifies that the client can be trusted by using digital signatures. Following permissions grant access to client-side mutual SSL certificates: device-mgt > certificates > manage: This permission enables to create certificates and access own certificates. device-mgt > admin > certificates: These permissions ensure that a user is able to access all available certificates. Users with these permissions can: View all certificates in a list view and in a detailed view Create and remove certificates Verify certificates: This allows an authorized user to authenticate and authorize a device by implementing on-behalf-of authentication. For more information on managing certificates with the WSO2 IoT Server console, see Managing Client Side Mutual SSL Certificates.
   Configurations management	The monitoring frequency is configured under the general platform configurations in WSO2 IoT Server. The IoT server uses this parameter to determine how often the devices enrolled with WSO2 IoT Server need to be monitored. This permission enables users to configure, update and view the general platform configurations in WSO2 IoT Server. In the general platform configurations, you need to define the monitoring frequent, which is how often the IoT server communicates with the device agent. For more information, see General Platform Configurations.
   Manage devices	device-mgt > any-device > permitted-actions-under-owning-device: This permission enables you to view and manage all the devices shared with you. device-mgt > devices > owning-device: These permissions enable users to: Enroll and disenroll devices Publish events received by the device client, to the analytics profile Setup geofencing alerts Modify device details such as name and description Retrieve analytics for devices
   Disenroll devices	This permission enables you to disenroll or unregister Android and Windows devices.
   Enroll devices	This permission enables you to enroll or register Android, iOS and Windows devices with WSO2 IoT Server.
   Device status	This permission enables you to change a device status.
   Device Operations	WSO2 IoT Server offers various device operations based on the mobile platform. This permission enables users to view and carry out device operations on their devices. Expand the preferred platform and select the operations that need to be enabled for users that belong to the role you are creating.
   Platform configuration management	In WSO2 IoT Server the settings can be customized for each platform. This permission enables you to maintain and customize the notification type, notification frequency, and the End User License Agreement (EULA) to suit the requirement of Android, iOS, and Windows mobile platform. For more information, see Android platform settings, iOS platform settings and Windows platform settings.
   View notifications	The failure to carry out operations will be notified to the WSO2 IoT Server administrator and the device owner. This permission enables you to view the notifications that were sent. For more information on how it works, see Checking Notifications.
   Manage policies	In WSO2 IoT Server, you can define policies, which include a set of configurations. WSO2 IoT Server policies are enforced on the WSO2 IoT Server users' devices when new users register with the WSO2 IoT Server. The WSO2 IoT Server policy settings will vary based on the mobile OS type. This permission enables you to add, modify, view, publish, unpublish and remove policies. For more information on working with policies, see Managing Policies.
   Manage roles	WSO2 IoT Server allows you to create new customized roles. This permission enables you to add, modify, view and remove roles. For more information on working with roles, see Managing Roles.
   Manage users	WSO2 IoT Server allows you to create and manage users. This permission enables you to add, modify, view and remove users. For more information on working with users, see Managing Users.
   Manage groups	These permissions enable you to manage groups pertaining to devices and user roles. The user role related permission enables viewing all user roles available in WSO2 IoT Server. The device related permissions enable you to: Create and remove device groups Assign devices to a group Remove devices from a group View the list of groups attached to a device View the list of roles that have access to a group View the groups accessible by the logged in user
   Mobile application management	You are able to create mobile apps in the App Publisher that is available in WSO2 IoT Server. In order to create, publish, delete, install and update mobile applications the required permissions must be selected. To enable users to subscribe to applications and install an application on a device via the App Store you need to select Subscribe that is under the Web App permissions. For more information see the sections given below: Creating Mobile Applications. Installing Mobile Apps.
   Device type management	Following permissions enable managing device types: device-mgt > device-type > add: This enables the ability to add or delete event definitions for device types. device-mgt > devicetype > deploy: This enables deploying device type components via API. It is recommended to grant this permission to device admin users. For more information on event definitions, see Creating a New Event Stream and Receiver.
   Authorization management	Users with this permission can check whether a user has the permission to access and manage a device. It is recommended to grant this permission to device admin users.

5. Click Update Role Permission.