WSO2 Admin Services — Assigning a role to an existing user via back-end services.

The purpose of this post is to show how to create a user and assign a role successfully using WSO2 admin services. The important point here is to understand the difference between the ‘addRemoveRolesOfUser’ method and the ‘updateRolesOfUser’ method.

First of all, to be able to access admin services, we need to discover the back-end services available in WSO2 products. Please refer to this document on how to discover the WSO2 admin services and this blog post on how to invoke the available methods, as I am not going to describe that here.

Once you have set up the SOAP project as described here, the first thing we need to do is to create a user via back-end services.

To create a new user we use the ‘addUser’ method. Please find the example screenshot and the response below.

The created user should now be visible in the Management Console of the WSO2 product.

Now that we have created a user, the next step is to create a user role via back-end services.

In order to create a new user role we use the ‘addRole’ method. Successful role creation should look like this.

The newly created user role should be visible in the WSO2 product Management Console.

The next step is important. This is where we assign the ‘BasicUser’ role to the ‘test123’ user we created via back-end services. We use the ‘addRemoveRolesOfUser’ SOAP method to assign a new role to the user. We can also use the same method to remove a role which is already assigned to a user. Successful role assignment looks like this in SOAP UI. What is actually happening here is that the method performs a PATCH operation on the roles assigned to the user, which means it adds whatever roles we send with ‘addRemoveRolesOfUser’ to the relevant user and leaves the roles already assigned in place.

If you need to remove an already assigned role from a user via the ‘addRemoveRolesOfUser’ method, provide the role name within the <xsd:deletedUsers> tag instead of the <xsd:newUsers> tag.

Now you should be able to see that the ‘BasicUser’ role is assigned to the user ‘test123’ in the WSO2 Management Console, as displayed below.

Now let’s use the ‘updateRolesOfUser’ method and attempt to assign the role ‘testRole’ to user ‘test123’.

As you can see, we received an “Invalid data” error message with the response. The reason for this error is that this SOAP method is trying to do a PUT operation to update the roles list currently assigned to the user, which means we need to send the list of currently assigned user roles. This method requires at least the ‘Internal/everyone’ role, which is mandatory for all users created in a WSO2 product. Let’s take a look at the successful operation below.

Now you can see the roles list is updated with the newly assigned ‘testRole’ in management console.

Now let’s try to remove the ‘BasicUser’ role from user ‘test123’ using the ‘updateRolesOfUser’ method. To achieve this, we pass the currently assigned roles list to the SOAP method, omitting the ‘BasicUser’ role, as displayed below.

If you look at the roles assigned to the ‘test123’ user in the Management Console, the ‘BasicUser’ role should now be removed.

I hope this article gives a basic understanding of how to assign a role to a user via back-end services using the ‘addRemoveRolesOfUser’ and ‘updateRolesOfUser’ methods. The difference between these two methods is that ‘addRemoveRolesOfUser’ allows you to pass just a single role, whereas ‘updateRolesOfUser’ updates the list of user roles currently assigned and therefore requires a roles list. This means at least ‘Internal/everyone’ needs to be passed with this method if you are removing all the currently assigned roles from a user.
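
The PATCH versus PUT difference described above can be modelled locally to check what a call will grant or revoke before it is sent. This Python sketch is an added example, not WSO2 code and not part of the original post; it makes no SOAP calls, `plan_put` and `revoked_by_put` are hypothetical helper names, and the ‘Invalid data’ check assumes the behaviour described in this post.

```python
# Local model of the two role-update semantics described in the post.
# Assumption: nothing here talks to a WSO2 server; role and user names
# are the ones used in the post.
MANDATORY_ROLE = "Internal/everyone"


def add_remove_roles_of_user(current, new_roles=(), deleted_roles=()):
    """PATCH-style: apply only the delta; untouched roles stay assigned."""
    return (set(current) | set(new_roles)) - set(deleted_roles)


def update_roles_of_user(current, role_list):
    """PUT-style: the submitted list replaces the assigned roles.

    `current` is deliberately ignored, which is the whole point of PUT.
    """
    if MANDATORY_ROLE not in role_list:
        # Modelled on the "Invalid data" response described in the post.
        raise ValueError("Invalid data")
    return set(role_list)


def plan_put(current, add=(), remove=()):
    """Hypothetical helper: build the full list a PUT-style call needs."""
    if MANDATORY_ROLE in remove:
        raise ValueError(f"{MANDATORY_ROLE} must stay assigned")
    return sorted((set(current) | set(add) | {MANDATORY_ROLE}) - set(remove))


def revoked_by_put(current, role_list):
    """Hypothetical helper: roles a PUT-style call would drop."""
    return sorted(set(current) - set(role_list))


if __name__ == "__main__":
    roles = {"Internal/everyone", "BasicUser"}  # constructed state of 'test123'
    print("PATCH add  :", sorted(add_remove_roles_of_user(roles, ["testRole"])))
    try:
        update_roles_of_user(roles, ["testRole"])
    except ValueError as err:
        print("PUT, 1 role:", err)
    short_list = ["Internal/everyone", "testRole"]
    print("PUT drops  :", revoked_by_put(roles, short_list))
    print("PUT list   :", plan_put(roles, add=["testRole"]))
```

Running `revoked_by_put` against the list about to be submitted shows any role that a PUT-style update would remove as a side effect, which is the case to review when scripting role changes.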