This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


You are viewing an old version of this page. View the current version.


 

A role is a title containing permissions for users to manage security. Different roles are created with various combinations of permissions, with the objective of segregating duties among the users who access the server.

Identity Server supports the role-based authentication model, where the privileges of a user are based on the roles attached to that user.

A user is associated with one or more roles (generally specified upon user creation), and each role is associated with zero or more permissions (also generally specified upon user creation). Therefore, the set of permissions owned by a user is determined by the roles assigned to that user.

If a user has several assigned roles, their permissions are added together.

By default, Identity Server comes with the following roles:

  • Admin - Provides full access to all features and controls in the ESB. By default, the user "admin" is assigned to both the "Admin" and the "Everyone" roles.
  • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
  • System - This role is not visible in the Management Console.

 

Follow the instructions below to create a new user role.

1. Sign in

 

Enter your user name and password to log on to the Management Console.

 

2. Main Menu

The Main Menu contains the Main, Monitor, and Configuration sections.

Click the "Configure" button to access the "Configure" menu.

 

3. Configure Section

Click the "Users and Roles" button to access the "User Management" page.

 

4. User Management

Click on the "Roles" link.

 

5. Role Menu

The Role Menu provides the Add New Role, Rename Role, Add Permissions to the Role, Assign Users, View Users, and Delete Role features.

Click on the "Add New Role" link.

 

6. Role Information

The "Domain" label specifies the user store in which the role information is saved. With a single user store, the domain is set to "PRIMARY" by default; with multiple user stores, all the user stores are listed in the domain drop-down list so that you can choose the required one.

There are two options available on the "Role Information" page: "Role Only" and "Role with Permissions". Clicking the "Finish" button saves the role with no permissions, whereas clicking the "Next" button leads to the "Role with Permissions" option.


 

7. Permission List

The permission model of WSO2 Identity Server is hierarchical. Permissions can be assigned to a role in a fine-grained or a coarse-grained manner. For example, you can either select the whole class of permissions, such as "Configure," by checking the corresponding box, or you can expand that class and select one or several items.

The "Permission List" page offers two methods: "Save Role Only" and "Attaching Users With the Role".

After marking the required permissions in the permission list tree, clicking the "Finish" button saves the role with the specified permissions, whereas clicking the "Next" button leads to the "Attaching Users With the Role" option.

 

 

8. User List

Select the users to be assigned to the role. You can conduct a search by name, or view all users by entering "*" into the search field.

 

The required user list can be populated with the "Search" button by providing "*" for all users or a user name for a specific user.

The User List page provides the following methods to select the required users: click one by one, Select all on this page, Unselect all on this page, Select all from page 1, and Unselect all from page 1.
Clicking the "Finish" button assigns the selected users to the role.

 

9. Role Menu

A new role is created with the specified user list. The role name is displayed in the "Roles" list.

  

From here, you can rename roles, assign new permissions and users, and delete a role.
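The permission model described above (a user's permissions are the sum of the permissions of all assigned roles, and selecting a permission class covers every item beneath it) can be audited offline, as in this added example, which is not WSO2 code. The roles other than "Admin" and "Everyone", the users, the slash-separated permission paths, and the conflicting-pair policy are all constructed for illustration.

```python
# Added illustration, not WSO2 code. Roles other than "Admin"/"Everyone", the
# users, and the permission paths are constructed, not product identifiers.
ROLE_PERMISSIONS = {
    "Admin": {"/"},                       # full access: root of the tree
    "Everyone": set(),                    # default role, no permissions
    "UserManager": {"/configure/users"},  # fine-grained: a single item
    "Configurator": {"/configure"},       # coarse-grained: the whole class
    "Auditor": {"/monitor/logs"},
}
USER_ROLES = {
    "admin": {"Admin", "Everyone"},
    "alice": {"Everyone", "UserManager", "Auditor"},
    "bob": {"Everyone", "Configurator"},
    "carol": {"Everyone"},
}
# Assumed policy: permissions one person should not hold together.
SOD_CONFLICTS = [("/configure/users", "/monitor/logs")]


def effective_permissions(user):
    """Union of the permissions of every role assigned to the user."""
    granted = set()
    for role in USER_ROLES.get(user, set()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def covers(granted, requested):
    """A granted node covers itself and every node beneath it in the tree."""
    if granted == "/":
        return True
    return requested == granted or requested.startswith(granted.rstrip("/") + "/")


def is_authorized(user, requested):
    return any(covers(g, requested) for g in effective_permissions(user))


def sod_violations():
    """Users whose combined roles grant both sides of a conflicting pair."""
    found = []
    for user in sorted(USER_ROLES):
        for a, b in SOD_CONFLICTS:
            if is_authorized(user, a) and is_authorized(user, b):
                found.append((user, a, b))
    return found


if __name__ == "__main__":
    for row in sod_violations():
        print(row)
```

Because permissions from several roles add up, a user can end up with a conflicting combination that no single role grants, which is what the last function reports.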
