This documentation is for WSO2 Governance Registry 5.1.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

WSO2 Governance Registry allows managing users and their roles. A user is associated with one or more roles (generally specified at user creation time) and each role is associated with zero or more permissions (generally specified at role creation time). Therefore the set of permissions owned by a user is determined by the roles assigned to that user. If a user has several assigned roles, their permissions are added together.

Before you begin, note the following:

  • Only system administrators can add, modify and remove users and roles. To set up administrators, see Realm Configuration
  • Your product has a primary user store where the users/roles that you create using the management console are stored by default. It's default RegEx configurations are as follows. RegEx configurations ensure that parameters like the length of a user name/password meet the requirements of the user store.

    PasswordJavaRegEx-------- ^[\S]{5,30}$
    PasswordJavaScriptRegEx-- ^[\S]{5,30}$
    UsernameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
    UsernameJavaScriptRegEx-- ^[\S]{3,30}$
    RolenameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
    RolenameJavaScriptRegEx-- ^[\S]{3,30}$

    When creating users/roles, if you enter a username, password etc. that does not conform to the RegEx configurations, the system throws an exception. You can either change the RegEx configuration or enter values that conform to the RegEx. If you change the default user store or set up a secondary user store, configure the RegEx accordingly under the user store manager configurations in <GREG_HOME>/repository/conf/user-mgt.xml file.

By default, Governance Registry comes with the following roles:

  • Admin - Provides full access to all the features and controls in the ESB. By default the user "admin" is assigned to both the "Admin" and the "Everyone" roles.
  • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
  • System - This role is not visible in the Management Console.


The Governance Registry UI does not allow configuring the permissions assigned to the "Admin" role.

The permission model of WSO2 Governance Registry is hierarchical. They can be assigned to the role in a fine grained or a coarse grained manner.

"Read/Write" and "Read Only" Modes

The User Management of the WSO2 Carbon allows to facilitate user accounts and roles at different levels.

The User Store of Carbon products can be configured to operate in one of the following modes, which determine the functionality.

Modes of operation:

  • Read/write - This mode allows the user to modify the User Store.
  • Read only - This mode prevents the user from changing any data in the User Store.

If the User Store is operating in "Read/Write" mode, the user can:

  • Add, modify or remove user accounts
  • Reset user passwords
  • Manage user roles
  • Build "import users" from other User Stores

If the User Store is operating in "Read Only" mode, the user can:

  • View user accounts


WSO2 Carbon maintains roles and permissions in the Carbon database, but it can read users/roles from the configured User Store.

For the detailed information on configuring users, roles and permissions, see the following pages:

  • Adding a New UserInstructions on how to add new users and assign roles to them.
  • Managing User's ProfileInstructions on how to manage user's profile in the WSO2 Governance Registry.
  • Changing User's Current PasswordInstructions on how to change user's current password in the WSO2 Governance Registry.
  • Deleting UsersInstructions on how to delete a user from the WSO2 Governance Registry Management Console.
  • Creating User's RolesInstructions on how to create and add a new user's role in the WSO2 Governance Registry.
  • Defining User's RolesInstructions on how to define roles for a user in the WSO2 Governance Registry.
  • Editing User's RoleInstructions on how to rename a role, change permissions and assign new user to this role in the WSO2 Governance Registry.
  • Deleting RolesInstructions on how to delete roles from the WSO2 Governance Registry Management Console.
  • Bulk Import of UsersInstructions on how to add bulk of users and assign roles to them.
  • No labels