Adding New permissions to permission tree of WSO2 Identity Server

WSO2 Identity Server (IS) is sometimes used as a key manager with WSO2 API Manager (APIM). In that scenario, when assigning roles and permissions to newly created users from the Identity Server side, some permissions that APIM users require are not available on the Identity Server side.

e.g., the API create, publish and subscribe permissions

Then we need to log in to the management console of APIM and assign those permissions to the particular user.

As a workaround, we can add those additional permissions to the permission tree of Identity Server by following the steps below. The permissions are added through the registry of IS.

Let’s add the create permission on the IS side as an example. The create permission usually resides in the “/_system/governance/permission/admin/manage/api/create” registry path of APIM. Therefore, we need to add this “create” permission under the “/_system/governance/permission/admin/manage” registry path.

Steps

1. First, browse to the “/_system/governance/permission/admin/manage” registry path of APIM.

Figure 1: /_system/governance/permission/admin/manage registry path

2. Then add a new collection by clicking the “Add Collection” option. You need to create it as “api”.

Figure 2: Adding the collection
Figure 3: The added “api” collection, listed

3. Then go inside the newly created “api” collection and add a property called “api”. When creating the property, set the property name to “name” and the value to “api”. This property makes the collection show as “api” in the permission tree. Without that property, it will show as “null”.

Figure 4: Adding a property called “api”
Figure 5: The added property

4. Then add a collection called “create” inside the “api” collection (/_system/governance/permission/admin/manage/api).

Figure 6: Adding the “create” collection
Figure 7: The created “create” collection, listed

5. Now go inside the “create” collection and add a property called “create”. When creating the property, set the property name to “name” and the value to “create”. This property makes the collection show as “create” in the permission tree. Without that property, it will show as “null”.

Figure 8: Adding a property called “create”
Figure 9: The added “create” property

Similarly, you can create the “subscribe” and “publish” permissions. After that, those permissions will show in the permission tree as follows.

Figure 10: Updated permission tree

Similarly, you can add any additional permissions to the IS registry.
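The steps above expressed as a planning check, as an added example that is not part of the original post: given a snapshot of existing registry collections and their properties, it lists the collections to add and the “name” properties to set so that no node shows as “null”. The snapshot format, the function name and the sample data are assumptions constructed for illustration, not a WSO2 API or export format.

```python
# Added example: plans the registry changes described in the steps above.
# The snapshot format (path -> properties dict) is an assumption made for
# illustration; it is not a WSO2 export format or API.

BASE = "/_system/governance/permission/admin/manage"


def plan_permissions(existing, wanted, base=BASE):
    """Return ordered (action, path, detail) steps that create each wanted
    permission path under `base` and give every collection a "name"
    property, so that it does not show as "null" in the permission tree."""
    steps, seen = [], set()
    for target in wanted:
        if not target.startswith(base + "/"):
            raise ValueError(f"{target} is not under {base}")
        path = base
        for segment in target[len(base) + 1:].split("/"):
            if not segment:
                raise ValueError(f"empty path segment in {target}")
            parent, path = path, f"{path}/{segment}"
            if path in seen:
                continue  # already planned while handling an earlier target
            seen.add(path)
            props = existing.get(path)
            if props is None:
                # Collection is missing: "Add Collection" under the parent.
                steps.append(("add_collection", parent, segment))
                props = {}
            if props.get("name") != segment:
                # Property name is "name", value is the collection's own name.
                steps.append(("set_property", path, ("name", segment)))
    return steps


# Constructed snapshot: "api" already exists but has no "name" property.
SNAPSHOT = {BASE + "/api": {}}
WANTED = [BASE + "/api/" + p for p in ("create", "publish", "subscribe")]

if __name__ == "__main__":
    for action, path, detail in plan_permissions(SNAPSHOT, WANTED):
        print(f"{action:15} {path}  {detail}")
```

With an empty snapshot and only the create path requested, the plan reproduces steps 2 to 5 of the walkthrough in order.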

I hope this will be a useful story for you. Appreciate your claps and will meet with another story soon :)

Reference

[1]. http://shazninazeer.blogspot.com/2014/10/adding-new-permissions-to-permission.html

Nadee Poornima

Senior Software Engineer at WSO2
