This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Managing Permissions with APIs
The following section describes the Remote Authorization Manager API and the operations that come with it.Â
Permissions can be assigned to user roles. The permission is an authorization to perform a specific action on a resource. For instance, a user role can have permission (i.e., authorization) to add and delete (i.e., actions) service providers (i.e., the resource). The following set of actions can be performed on a resource.
- get
- add
- delete
- edit
- login
- man_config
- man_lc_config
- man_sec
- up_serv
- man_serv
- man_media
- mon_sys
- del_id
- authorize
- inv_ser
- ui_executeÂ
- subscribe
- publish
- consume
- change_permission
- browse
- sqs_send_message
- sqs_receive_message
- sqs_delete_message
- sqs_change_message_visibility
- sqs_get_queue_attributes
The following operations are available in this API:
authorizeRole
This function authorizes the given role to perform the specified action on the given resource.
Input parameters
Parameter | Description |
---|---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
clearAllRoleAuthorization
This function clears all authorizations of the role.
Input parameters
Parameter | Description |
---|---|
roleName | The name of the role (e.g., "role1") |
clearResourceAuthorizations
This function clears all the authorizations for the given resource.
Input parameters
Parameter | Description |
---|---|
resourceId | The resource path (e.g., "/permission/admin/login") |
clearRoleActionOnAllResources
This function removes the authorization from the role to perform the specified action on all the resources.
Input parameters
Parameter | Description |
---|---|
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
clearRoleAuthorization
This function clear the authorization of the specified role to perform the given action on the resource.
Input parameters
Parameter | Description |
---|---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
denyRole
This function removes the authorization of the role to perform the given action on the specified resource.
Input parameters
Parameter | Description |
---|---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
getAllowedRolesForResource
This function retrieves the list of authorized roles to perform the given action on the specified resource.
Input parameters
Parameter | Description |
---|---|
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |
getAllowedUIResourcesForUser
This function retrieves the list of UI resources in the specified root patch for which the user has authorization.Â
Input parameters
Parameter | Description |
---|---|
userName | The username of the specific user (e.g., "admin") |
permissionRootPath | The permission root path |
isRoleAuthorized
This function checks whether the given role is authorized to perform the action on the specified resource.
Input parameters
Parameter | Description |
---|---|
roleName | The name of the role (e.g., "role1") |
resourceId | The resource path (e.g., "/permission/admin/login") |
action | The action name of the action to be performed on the resource (e.g., "ui.execute") |