Configuring Users via the Management Console
User management functionality is provided by default in all WSO2 Carbon-based products and is configured in the user-mgt.xml
file found in the <PRODUCT_HOME>/repository/conf
directory. The instructions given in this topic explain how you can add and manager users from the management console.
To enable users to log into the management console, you create user accounts and assign them roles, which are sets of permissions. You can add individual users or import users in bulk.
Adding a new user and assigning roles
Follow the instructions below to add a new user account and configure its role.
- Go to the Configure tab in the management console and click Users and Roles.
- Click Users. This link is only visible to users with the Admin role.
- Click Add New User. The following screen will open:
- Do the following:
- In the Domain list, specify the user store where you want to create this user account. This list includes the primary user store and any other secondary user stores that are configured for your product. See the related topics for information on configuring user stores.
- Enter a unique user name and the password that the person will use to log in. By default, the password must be at least five characters and should have at least one character with a capital letter, characters, numbers and special characters.
- Click Next.
- Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.
- Click Finish.
A new user account is created with the specified roles and is listed on the Users page.
Importing users
In addition to manually adding individual users, you can import multiple users in bulk if you have exported them toa comma-separated values(.csv) file or Microsoft Excel (.xls) file. It is possible to import the username and password directly from the CSV/Excel to the product. Other user attributes can be imported only if claim URls are defined for such attributes in the product. For example, consider that you have claim URls defined for your product as shown below. These will allow you to import the user's email address, full name, last name, given name and role in addition to the username and password.
The username, password and other attributes (claim URls) that you import should be given in a CSV file as shown below. Note that the first line of the file will not be imported considering that it is not a username.
This is only supported if you have configured your user store as a JDBCUserStoreManager. See the related topics for information on how JDBC user stores are configured. It is recommended to upload a maximum of 500,000 users at a time. If you need to upload more users, you can upload them in separate batches of 500,000 each. You can also specify the size of the file that you can upload in the <PRODUCT_HOME>/repository/conf/carbon.xml
file using the TotalFileSizeLimit
element. This value is in MB.
<TotalFileSizeLimit>100</TotalFileSizeLimit>
- On the Users screen, click Bulk Import Users.
- Browse and select the file that contains the user data.
- Specify a default password to assign to all the users you are importing and click Finish. This password is valid for only 24 hours, so you should inform your users that they must log in and change their password within 24 hours.
Customizing the user's roles and permissions
Each role specifies a set of permissions that the user will have when assigned to that role. After creating a user, you can assign and remove roles for that user by clicking Assign Roles in the Actions column. To see which users a role is already assigned to, click View Users next to the role.
You can also customize which permissions apply to this user by clicking View Roles in the Actions column of the Users screen and then selecting the permissions from each role that you want this user to have. See the related topics for information about permissions.
Customizing a user's profile
Each individual user has a profile that can be updated to include various details. To do this, click User Profile on the Users screen. Make the changes required and click Update. You can also add multiple profiles for a user.
Note: You can only add new profiles if you are connected to a JDBC user store. You also need to have administrator privileges.
Do the following in order to add new profiles.
- On the Configure tab in the Management Console, click Users and Roles.
- Click Users. This link is only visible to users with the Admin role.
- Click the User Profile link.
- You can add multiple profiles using the Add New Profile link and create any number of profiles for your user as long as the user is located in a JDBC user store.
Deleting an existing user
Follow the instructions below to delete a user.
Deleting a user cannot be undone.
- Go to the Configure tab in the management console and click Users and Roles.
- Click Users. This link is only visible to users with User Management level permissions. See the related topics for more information about permissions.
- In the Users list, click Delete next to the user you want to delete, and then click Yes to confirm the operation.
Related Topics
- Configuring the System Administrator: This section describes how the system administrator user and role is set up and configured.
- Configuring User Stores: This section explains how user stores (which are repositories storing information about Users and Roles) are set up and configured.