When you select a collection in the registry, the Permissions panel opens with the defined role permissions available. It allows you to specify which role has access to perform which operations on a registry resource or a collection.
Adding new role permissions
In the New Role Permissions section, select a role from the drop-down list. This list is populated by all user roles configured in the system.
wso2.anonymous.roleis a special role that represents a user who is not logged in to the management console. Granting
Readaccess to this role means that you do not require authentication to access resources using the respective Permalinks.
everyonerole is a special role that represents a user who is logged into the management console. Granting
Readaccess to this role means that any user who has logged into the management console with can read the respective resource. Granting
Deleteaccess means that any user who is logged in to the management console with can make changes to the respective resource.
Select one of the following actions:
- Authorize - A special permission that gives a role the ability to grant and revoke permissions to/from others
Select whether to allow the action or deny and click Add Permission. For example
Denypermissions have higher priority over
Allow.That is, a
Denypermission always overrides an
Allowpermission assigned to a role.
Denypermission must be given at the collection level. For example, to deny the write/delete action on a given policy file, set Write/Delete actions for the role to
/trunk/policies. If you set the
Denypermission beyond the collection level (e.g., / or /_system etc.) it will not be applied for the user's role.
- The new permission appears in the list.
From here, you can edit the permissions by selecting and clearing the check boxes. After editing the permissions, click Apply All Permissions to save the alterations.