I did add both permissions and the same is happening. Shall I raise a bug?

Regards,
Hanen

On Thu, Jan 5, 2017 at 11:40 AM, Chamila Wijayarathna <[email protected]> wrote:

> Hi Hanen,
>
> To achieve this in SOAP API calls, your user needs to have both "User
> Management" and "Role Management" permissions.
>
> Regards!
> Chamila
>
> On Thu, Jan 5, 2017 at 9:37 PM, Hanen Ben Rhouma <[email protected]>
> wrote:
>
>> Hi,
>>
>> In fact, even by using the SOAP service call to add role mgt only as a
>> permission, the result is the same: the created user won't have the
>> possibility to create roles:
>>
>> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>>                   xmlns:ser="http://service.ws.um.carbon.wso2.org"
>>                   xmlns:xsd="http://dao.service.ws.um.carbon.wso2.org/xsd">
>>    <soapenv:Header/>
>>    <soapenv:Body>
>>       <ser:addRole>
>>          <!--Optional:-->
>>          <ser:roleName>TestRole</ser:roleName>
>>          <!--Zero or more repetitions:-->
>>          <ser:userList>hanen</ser:userList>
>>          <!--Zero or more repetitions:-->
>>          <ser:permissions>
>>             <!--Optional:-->
>>             <xsd:action>ui.execute</xsd:action>
>>             <!--Optional:-->
>>             <xsd:resourceId>/permission/admin/manage/identity/rolemgt/</xsd:resourceId>
>>          </ser:permissions>
>>       </ser:addRole>
>>    </soapenv:Body>
>> </soapenv:Envelope>
>>
>> Regards,
>> Hanen
>>
>> On Wed, Jan 4, 2017 at 5:06 PM, Darshana Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi Chamila\Hanen,
>>>
>>> Yes, you need to have "'/permission/admin/manage/identity'" permission
>>> to manage roles from the UI. Since we are doing multiple management
>>> operations via the management console, we require a much higher level of
>>> permissions. But relevant backend services (UserAdmin service) do support
>>> finer level permission ("/permission/admin/manage/identity/usermgt"),
>>> then if some external client needs to connect with restricted permissions
>>> it's still possible. But indeed these UIs can be improved to support
>>> fine-grained permissions. Since we are working on the IS 6.0.0, which is
>>> based on the next gen Carbon 5 platform with a complete re-design of the
>>> product, in parallel with the IS 5.3.0 release, we did not focus on major
>>> redesigning of UI and related UI permissions with the IS 5.3.0.
>>>
>>> Giving you a bit of insight into the IS 6.0.0 effort, we have plans to
>>> decouple personas that use identity server for different types of
>>> administration and provide separate views for each of those. You will be
>>> able to follow up on those discussions on the architecture list soon.
>>>
>>> We have created https://wso2.org/jira/browse/IDENTITY-5560 to track
>>> this specific improvement, and it will consider fixing this in a future
>>> release.
>>>
>>> Thanks
>>>
>>> On Wed, Jan 4, 2017 at 7:13 PM, Hanen Ben Rhouma <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Actually I tried most of the combinations and the smallest set of
>>>> permissions allowing users to create roles is by selecting the whole
>>>> "Identity" permissions block. Why ????
>>>> Sometimes we want some type of users to be able to only create users
>>>> and assign them to some roles, the rest of the application (IdP, SP, Key
>>>> stores, Workflow mgt, etc.) isn't trivial to them and is not even in their
>>>> scope of responsibility. Why such limitation?
>>>>
>>>> Regards,
>>>> Hanen
>>>>
>>>> On Wed, Jan 4, 2017 at 1:32 PM, Chamila Wijayarathna <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> It looks like you need to have '/permission/admin/manage/identity' to
>>>>> do this using the management console. However, when looking at the code,
>>>>> if you are doing it using API calls, having "User Management" and
>>>>> "Role Management" should be enough to do this.
>>>>>
>>>>> It should work with "Roles Management" IMO, I'm not sure why it's not
>>>>> implemented like that.
>>>>> @Johann, Darshana : Any idea on this?
>>>>>
>>>>> On Wed, Jan 4, 2017 at 10:42 PM, Hanen Ben Rhouma <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> What is the permission that gives the user the possibility to create
>>>>>> roles and assign users to them? I tried "Roles Management" permission but
>>>>>> it's not doing the trick.
>>>>>>
>>>>>> Regards,
>>>>>> Hanen
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>> --
>>>>> Chamila Dilshan Wijayarathna,
>>>>> PhD Research Student
>>>>> The University of New South Wales (UNSW Canberra)
>>>>> Australian Centre for Cyber Security
>>>>> Australian Defence Force Academy
>>>>> PO Box 7916, Canberra BA ACT 2610
>>>>> Australia
>>>>> Mobile: (+61)416895795
>>>
>>> --
>>> Regards,
>>>
>>> Darshana Gunawardana
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>>
>>> E-mail: [email protected]
>>> Mobile: +94718566859
>>> Lean . Enterprise . Middleware
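
As an added example (not code from the thread or from WSO2), the Python below builds the addRole envelope quoted above with the two fine-grained permission paths that appear in the thread, then reports which needed paths a request lacks and which grants reach the whole `/permission/admin/manage/identity` block. The helper names, and the rule that a grant on a path covers everything beneath it, are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the envelope quoted in the thread.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ser": "http://service.ws.um.carbon.wso2.org",
    "xsd": "http://dao.service.ws.um.carbon.wso2.org/xsd",
}
# Permission paths that appear in the thread.
USER_MGT = "/permission/admin/manage/identity/usermgt"
ROLE_MGT = "/permission/admin/manage/identity/rolemgt"
IDENTITY = "/permission/admin/manage/identity"  # the whole "Identity" block


def q(prefix, tag):
    """Qualified tag name in ElementTree's {namespace}tag form."""
    return "{%s}%s" % (NS[prefix], tag)


def build_add_role(role, users, resources, action="ui.execute"):
    """Build the addRole envelope with one <ser:permissions> per resource."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    env = ET.Element(q("soapenv", "Envelope"))
    ET.SubElement(env, q("soapenv", "Header"))
    body = ET.SubElement(env, q("soapenv", "Body"))
    add = ET.SubElement(body, q("ser", "addRole"))
    ET.SubElement(add, q("ser", "roleName")).text = role
    for user in users:
        ET.SubElement(add, q("ser", "userList")).text = user
    for res in resources:
        perm = ET.SubElement(add, q("ser", "permissions"))
        ET.SubElement(perm, q("xsd", "action")).text = action
        ET.SubElement(perm, q("xsd", "resourceId")).text = res
    return ET.tostring(env, encoding="unicode")


def review_grants(envelope_xml, needed=(USER_MGT, ROLE_MGT), too_broad=IDENTITY):
    """Return (missing, over_broad) for the grants in an addRole envelope."""
    root = ET.fromstring(envelope_xml)
    granted = [e.text.strip().rstrip("/")
               for e in root.iter(q("xsd", "resourceId")) if e.text]
    # Assumption: a grant on a path also covers every path beneath it.
    covers = lambda grant, path: path == grant or path.startswith(grant + "/")
    missing = [n for n in needed if not any(covers(g, n) for g in granted)]
    over_broad = [g for g in granted if covers(g, too_broad)]
    return missing, over_broad
```

Running `review_grants` on the request quoted in the thread (role management only) reports the user-management path as missing, while a role built on the whole Identity block is reported as over-broad.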
