Adding New permissions to permission tree of WSO2 Identity Server
Sometimes we are using WSO2 Identity Server as a key manager with WSO2 APIM. In that scenario, when assigning roles and permission for newly created users from the Identity server-side, we cannot find some permission in the Identity server-side which required for APIM users.
e.g., api create, publish and subscribe permissions
Then we need to log to the management console of APIM and assign those permissions for the particular user.
As a workaround for this, we can add those additional permissions to the permission tree of Identity server. For that, you can follow the below steps. This permission can add through the registry of IS.
Let’s add the create permission to IS side as an example. The create permission is usually residing in the “/_system/governance/permission/admin/manage/api/create” registry path of APIM. Therefore we need to add this “create” permission in the “/_system/governance/permission/admin/manage” registry path.
- First, browse to the “/_system/governance/permission/admin/manage” registry path of APIM.
2. Then add a new collection by clicking “Add Collection” option. You need to create it as “api”.
3. Then go inside that created “api” collection and add a property called “api”. When creating a property, you can put the property name as “name” and value as “api”. This property helps to show this collection as “api” in the permission tree. Without that property, it will show as “null”.
4. Then add a collection called “create” inside that created “api” collection(/_system/governance/permission/admin/manage/api) collection.
5. Now go inside to the “create” collection and add a property called “create”. When creating a property, you can put the property name as “name” and value as “create”. This property helps to show this collection as “create” in the permission tree. Without that property, it will show as “null”.
As similar to you can create “subscribe” and “publish” permissions also. After that, those permissions will show in the permission tree as follows.
As similar, you can set any additional permissions to IS registry.
I hope this will be a useful story for you. Appreciate your claps and will meet with another story soon :)