Hi Chamila/Hanen,

Yes, you need to have the '/permission/admin/manage/identity' permission to
manage roles from the UI. Since we are doing multiple management operations
via the management console, we require a much higher level of permissions. But
the relevant backend services (UserAdmin service) do support a finer level
permission ("/permission/admin/manage/identity/usermgt"), so if some
external client needs to connect with restricted permissions, it's still
possible. But indeed these UIs can be improved to support fine-grained
permissions. Since we are working on IS 6.0.0, which is based on the
next-gen Carbon 5 platform with a complete redesign of the product, in
parallel with the IS 5.3.0 release, we did not focus on a major redesign of
the UI and related UI permissions with IS 5.3.0.

To give you a bit of insight into the IS 6.0.0 effort, we have plans to decouple
the personas that use the identity server for different types of administration and
provide separate views for each of those. You will be able to follow up on
those discussions on the architecture list soon.

We have created https://wso2.org/jira/browse/IDENTITY-5560 to track this
specific improvement, and we will consider fixing this in a future release.

Thanks

On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <[email protected]> wrote:
> Hi,
>
> Actually I tried most of the combinations and the smallest set of
> permissions allowing users to create roles is by selecting the whole
> "Identity" permissions block. Why ????
> Sometimes we want some type of users to be able to only create users and
> assign them to some roles, the rest of the application (IdP, SP, Key
> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
> scope of responsibility. Why such limitation?
>
> Regards,
> Hanen
>
> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <
> [email protected]> wrote:
>
>> Hi,
>>
>> It looks like you need to have '/permission/admin/manage/identity' to do
>> this using management console. However, when looking at code if you are
>> doing it using API calls, having "User Management" and "Role Management"
>> should be enough to do this.
>>
>> It should work with "Roles Management" IMO, I'm not sure why it's not
>> implemented like that.
>> @Johann, Darshana : Any idea on this?
>>
>> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <[email protected]>
>> wrote:
>>
>>>
>>> Hello,
>>>
>>> What is the permission that gives the user the possibility to create
>>> roles and assign users to them? I tried "Roles Management" permission but
>>> it's not doing the trick.
>>>
>>>
>>> Regards,
>>> Hanen
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Chamila Dilshan Wijayarathna,
>> PhD Research Student
>> The University of New South Wales (UNSW Canberra)
>> Australian Centre for Cyber Security
>> Australian Defence Force Academy
>> PO Box 7916, Canberra BA ACT 2610
>> Australia
>> Mobile:(+61)416895795
>>
>>
>
--
Regards,
*Darshana Gunawardana*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
*E-mail: [email protected]*
*Mobile: +94718566859*
Lean . Enterprise . Middleware