This documentation is for WSO2 Identity Server 5.1.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

The following table lists out the various operations that can be performed with different permission levels.

Permission levelServiceOperations
Tenant level permissions
/adminUserStoreConfigAdminService
  • addUserStore
  • changeUserStoreState
  • deleteUserStore
  • deleteUserStoresSet
  • editUserStore
  • editUserStoreWithDomainName
  • getAvailableUserStoreClasses
  • getSecondaryRealmConfigurations
  • getUserStoreManagerProperties
/admin/configure EntitlementAdminService
  • clearAllAttributeCaches
  • clearAllResourceCaches
  • clearAttributeFinderCache
  • clearAttributeFinderCacheByAttributes
  • clearCarbonAttributeCache
  • clearCarbonResourceCache
  • clearDecisionCache
  • clearPolicyCache
  • clearResourceFinderCache
  • doTestRequest
  • doTestRequestForGivenPolicies
  • getGlobalPolicyAlgorithm
  • getPDPData
  • getPIPAttributeFinderData
  • getPIPResourceFinderData
  • getPolicyFinderData
  • refreshAttributeFinder
  • refreshPolicyFinders
  • refreshResourceFinder
  • setGlobalPolicyAlgorithm
EntitlementPolicyAdminService
  • addPolicies
  • addPolicy
  • addSubscriber
  • deleteSubscriber
  • dePromotePolicy
  • enableDisablePolicy
  • getAllPolicies
  • getAllPolicyIds
  • getEntitlementData
  • getEntitlementDataModules
  • getLightPolicy
  • getPolicy
  • getPolicyByVersion
  • getPolicyVersions
  • getPublisherModuleData
  • getStatusData
  • getSubscriber
  • getSubscriberIds
  • importPolicyFromRegistry
  • orderPolicy
  • publish
  • publishPolicies
  • publishToPDP
  • removePolicies
  • removePolicy
  • rollBackPolicy
  • updatePolicy
  • updateSubscriber
/admin/configure/security          ClaimManagementService
  • addNewClaimDialect
  • addNewClaimMapping
  • getClaimMappingByDialect
  • getClaimMappings
  • removeClaimDialect
  • removeClaimMapping
  • upateClaimMapping
KeyStoreAdminService
  • addKeyStore
  • addTrustStore
  • deleteStore
  • getKeystoreInfo
  • getPaginatedKeystoreInfo
  • getStoreEntries
  • importCertToStore
  • removeCertFromStore
RemoteAuthorizationManagerService
  • authorizeRole
  • authorizeUser
  • clearAllRoleAuthorization
  • clearAllUserAuthorization
  • clearResourceAuthorizations
  • clearRoleActionOnAllResources
  • clearRoleAuthorization
  • clearUserAuthorization
  • denyRole
  • denyUser
  • getAllowedRolesForResource
  • getAllowedUIResourcesForUser
  • getDeniedRolesForResource
  • getExplicitlyAllowedUsersForResource
  • getExplicitlyDeniedUsersForResource
  • isRoleAuthorized
  • isUserAuthorized
  • resetPermissionOnUpdateRole
RemoteClaimManagerService
  • addNewClaimMapping
  • deleteClaimMapping
  • getAllClaimMappings
  • getAllClaimUris
  • getAllRequiredClaimMappings
  • getAllSupportClaimMappingsByDefault
  • getAttributeName
  • getAttributeNameFromDomain
  • getClaim
  • getClaimMapping
  • updateClaimMapping
RemoteProfileConfigurationManagerService
  • addProfileConfig
  • deleteProfileConfig
  • getAllProfiles
  • getProfileConfig
  • updateProfileConfig
RemoteUserStoreManagerService
  • addRole
  • addUser
  • addUserClaimValue
  • addUserClaimValues
  • authenticate
  • deleteRole
  • deleteUser
  • deleteUserClaimValue
  • deleteUserClaimValues
  • getAllProfileNames
  • getHybridRoles
  • getPasswordExpirationTime
  • getProfileNames
  • getProperties
  • getRoleListOfUser
  • getRoleNames
  • getTenantId
  • getTenantIdofUser
  • getUserClaimValue
  • getUserClaimValues
  • getUserClaimValuesForClaims
  • getUserId
  • getUserList
  • getUserListOfRole
  • isExistingRole
  • isExistingUser
  • isReadOnly
  • listUsers
  • setUserClaimValue
  • setUserClaimValues
  • updateCredential
  • updateCredentialByAdmin
  • updateRoleListOfUser
  • updateRoleName
  • updateUserListOfRole
SCIMConfigAdminService
  • addGlobalProvider
  • deleteGlobalProvider
  • getAllGlobalProviders
  • getGlobalProvider
  • updateGlobalProvider
STSAdminService
  • addTrustedService
  • getCertAliasOfPrimaryKeyStore
  • getProofKeyType
  • getTrustedServices
  • removeTrustedService
  • setProofKeyType
 UserAdmin
  • addInternalRole
  • addRemoveRolesOfUser
  • addRemoveUsersOfRole
  • addRole
  • bulkImportUsers
  • deleteRole
  • getAllSharedRoleNames
  • getAllUIPermissions
  • getRolePermissions
  • getRolesOfUser
  • isSharedRolesEnabled
  • listUserByClaim
  • setRoleUIPermission
  • updateRoleName
  • updateRolesOfUser
  • updateUsersOfRole
/admin/configure/security/rolemgtUserAdmin
  • getUsersOfRole
/admin/configure/security/usermgtMultipleCredentialsUserAdmin
  • addUserWithUserId
  • authenticate
  • deleteUserClaimValue
  • deleteUserClaimValues
  • getUserClaimValue
  • getUserClaimValues
  • getUserId
  • setUserClaimValue
  • setUserClaimValues
/admin/configure/security/usermgt/passwordsMultipleCredentialsUserAdmin 
  • addCredential
  • deleteCredential
  • getCredentials
  • updateCredential
UserAdmin
  • changePassword
 /admin/configure/security/usermgt/provisioningSCIMConfigAdminService
  • addUserProvider
  • deleteUserProvider
  • getAllUserProviders
  • getUserProvider
  • updateUserProvider
/admin/configure/security/usermgt/usersMultipleCredentialsUserAdmin
  • addUser
  • addUsers
  • deleteUser
UserAdmin
  • addUser
  • deleteUser
/admin/loginAccountCredentialMgtConfigService
  • getEmailConfig
  • saveEmailConfig
EntitlementService
  • getAllEntitlements
  • getBooleanDecision
  • getDecision
  • getDecisionByAttributes
  • getEntitledAttributes
  • XACMLAuthzDecisionQuery
IdentityProviderAdminService
  • addOpenID
  • extractPrimaryUserName
  • getAllOpenIDs
  • getPrimaryOpenID
  • removeOpenID
  • getAllIdPs
IWAAuthenticator
  • canHandle
  • login
LoggedUserInfoAdmin
  • getUserInfo
MultipleCredentialsUserAdmin
  • getAllUserClaimValues
OAuthAdminService
  • getAppsAuthorizedByUser
  • revokeAuthzForAppsByResoureOwner
UserAdmin
  • changePasswordByUser
  • getRolesOfCurrentUser
  • getUserRealmInfo
  • hasMultipleUserStores
UserIdentityManagementAdminService
  • changeUserPassword
  • deleteUser
  • getAllChallengeQuestions
  • getAllPromotedUserChallenge
  • getAllUserIdentityClaims
  • getChallengeQuestionsOfUser
  • isReadOnlyUserStore
  • lockUserAccount
  • resetUserPassword
  • setChallengeQuestions
  • setChallengeQuestionsOfUser
  • unlockUserAccount
  • updateUserIdentityClaims
UserInformationRecoveryService
  • confirmUserSelfRegistration
  • getAllChallengeQuestions
  • getCaptcha
  • getUserChallengeQuestion
  • getUserChallengeQuestionIds
  • getUserIdentitySupportedClaims
  • registerUser
  • sendRecoveryNotification
  • updatePassword
  • verifyAccount
  • verifyConfirmationCode
  • verifyUser
  • verifyUserChallengeAnswer
UserProfileMgtService
  • associateID
  • deleteUserProfile
  • getAssociatedIDs
  • getInstance
  • getNameAssociatedWith
  • getProfileFieldsForInternalStore
  • getUserProfile
  • getUserProfiles
  • isAddProfileEnabled
  • isAddProfileEnabledForDomain
  • isReadOnlyUserStore
  • removeAssociateID
  • setUserProfile
XMPPConfigurationService
  • addUserXmppSettings
  • editXmppSettings
  • getUserIM
  • getXmppSettings
  • hasXMPPSettings
  • isXMPPSettingsEnabled
/admin/manage IdentityApplicationManagementService
  • createApplication
  • deleteApplication
  • getAllApplicationBasicInfo
  • getAllIdentityProviders
  • getAllLocalAuthenticators
  • getAllLocalClaimUris
  • getAllRequestPathAuthenticators
  • getApplication
  • getIdentityProvider
  • updateApplication
IdentityProviderMgtService
  • addIdP
  • deleteIdP
  • getAllFederatedAuthenticators
  • getAllLocalClaimUris
  • getAllProvisioningConnectors
  • getEnabledAllIdPs
  • getIdPByName
  • getResidentIdP
  • updateIdP
  • updateResidentIdP
IdentitySAMLSSOConfigService
  • addRPServiceProvider
  • getCertAliasOfPrimaryKeyStore
  • getClaimURIs
  • getServiceProviders
  • removeServiceProvider
IdentitySTSAdminService
  • readCardIssuerConfiguration
  • updateCardIssueConfiguration
OAuth2TokenValidationService
  • findOAuthConsumerIfTokenIsValid
  • validate
OAuthAdminService
  • getAllOAuthApplicationData
  • getAllowedGrantTypes
  • getOAuthApplicationData
  • getOAuthApplicationDataByAppName
  • registerOAuthApplicationData
  • registerOAuthConsumer
  • removeOAuthApplicationData
  • updateConsumerApplication
ws­xacml
  • XACMLAuthzDecisionQuery
/admin/manage/modify/serviceProfilesAdminService
  • getUserProfile
  • putUserProfile
Super tenant level permissions
/protected/configure/componentsProvisioningAdminService
  • getAllInstalledFeatures
  • getInstalledFeatureInfo
  • getInstalledFeaturesWithProperty
  • getLicensingInformation
  • getProfileHistory
  • performProvisioningAction
  • removeAllConsoleFeatures
  • removeAllServerFeatures
  • reviewProvisioningAction
/protected/manage/modify/tenants TenantMgtAdminService
  • activateTenant
  • deactivateTenant
  • deleteTenant
  • updateTenant
/protected/manage/monitor/tenants TenantMgtAdminService
  • addSkeletonTenant
  • addTenant
  • getTenant
  • retrievePaginatedPartialSearchTenants
  • retrievePaginatedTenants
  • retrievePartialSearchTenants
  • retrieveTenants
/protected/tenant­admin RemoteTenantManagerService
  • activateTenant
  • addTenant
  • deactivateTenant
  • deleteTenant
  • getAllTenants
  • getDomain
  • getSuperTenantDomain
  • getTenant
  • getTenantId
  • isTenantActive
  • updateTenant
RemoteUserRealmService
  • getRealmConfiguration
Special cases: These operations require multiple permission levels

/admin/configure/security

/admin/manage/modify/service

DirectoryServerManager
  • addServer
  • changePassword
  • getPasswordConformanceRegularExpression
  • getServiceNameConformanceRegularExpression
  • isExistingServicePrinciple
  • isKDCEnabled
  • listServicePrinciples
  • removeServer
KeyStoreAdminService
  • getKeyStores

/admin/configure/security/rolemgt

/admin/manage/modify/service

UserAdmin
  • getAllRolesNames

/admin/configure/security/usermgt/users

/admin/configure/security/usermgt/passwords

/admin/configure/security/usermgt/profiles

UserAdmin
  • listAllUsers
  • listUsers
  • No labels