This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

The following table lists out the various operations that can be performed with different permission levels.

Permission levelServiceOperations
Tenant level permissions
/admin/manage/identity          


UserStoreConfigAdminService
  • addUserStore
  • changeUserStoreState
  • deleteUserStore
  • deleteUserStoresSet
  • editUserStore
  • editUserStoreWithDomainName
  • getAvailableUserStoreClasses
  • getSecondaryRealmConfigurations
  • getUserStoreManagerProperties
  • testRDBMSConnection

UserProfileMgtService



  • associateID
  • deleteUserProfile
  • getAssociatedIDs
  • getInstance
  • getNameAssociatedWith
  • getProfileFieldsForInternalStore
  • getUserProfile
  • getUserProfiles
  • isAddProfileEnabled
  • isAddProfileEnabledForDomain
  • isReadOnlyUserStore
  • removeAssociateID
  • setUserProfile
RemoteAuthorizationManagerService
  • authorizeRole
  • authorizeUser
  • clearAllRoleAuthorization
  • clearAllUserAuthorization
  • clearResourceAuthorizations
  • clearRoleActionOnAllResources
  • clearRoleAuthorization
  • clearUserAuthorization
  • denyRole
  • denyUser
  • getAllowedRolesForResource
  • getAllowedUIResourcesForUser
  • getDeniedRolesForResource
  • getExplicitlyAllowedUsersForResource
  • getExplicitlyDeniedUsersForResource
  • isRoleAuthorized
  • isUserAuthorized
  • resetPermissionOnUpdateRole
RemoteClaimManagerService
  • addNewClaimMapping
  • deleteClaimMapping
  • getAllClaimMappings
  • getAllClaimUris
  • getAllRequiredClaimMappings
  • getAllSupportClaimMappingsByDefault
  • getAttributeName
  • getAttributeNameFromDomain
  • getClaim
  • getClaimMapping
  • updateClaimMapping
RemoteProfileConfigurationManagerService
  • addProfileConfig
  • deleteProfileConfig
  • getAllProfiles
  • getProfileConfig
  • updateProfileConfig
RemoteUserStoreManagerService
  • addRole
  • addUser
  • addUserClaimValue
  • addUserClaimValues
  • authenticate
  • deleteRole
  • deleteUser
  • deleteUserClaimValue
  • deleteUserClaimValues
  • getAllProfileNames
  • getHybridRoles
  • getPasswordExpirationTime
  • getProfileNames
  • getProperties
  • getRoleListOfUser
  • getRoleNames
  • getTenantId
  • getTenantIdofUser
  • getUserClaimValue
  • getUserClaimValues
  • getUserClaimValuesForClaims
  • getUserId
  • getUserList
  • getUserListOfRole
  • isExistingRole
  • isExistingUser
  • isReadOnly
  • listUsers
  • setUserClaimValue
  • setUserClaimValues
  • updateCredential
  • updateCredentialByAdmin
  • updateRoleListOfUser
  • updateRoleName
  • updateUserListOfRole
SCIMConfigAdminService
  • addGlobalProvider
  • deleteGlobalProvider
  • getAllGlobalProviders
  • getGlobalProvider
  • updateGlobalProvider
 UserAdmin
  • addInternalRole
  • addRemoveRolesOfUser
  • addRemoveUsersOfRole
  • addRole
  • bulkImportUsers
  • deleteRole
  • getAllSharedRoleNames
  • getAllUIPermissions
  • getRolePermissions
  • getRolesOfUser
  • isSharedRolesEnabled
  • listUserByClaim
  • setRoleUIPermission
  • updateRoleName
  • updateRolesOfUser
  • updateUsersOfRole
  • getUsersOfRole
  • changePassword
  • addUser
  • deleteUser
  • changePasswordByUser
  • getRolesOfCurrentUser
  • getUserRealmInfo
  • getAllRolesNames
  • hasMultipleUserStores
  • listAllUsers
  • listUsers
MultipleCredentialsUserAdmin
  • addUserWithUserId
  • authenticate
  • deleteUserClaimValue
  • deleteUserClaimValues
  • getUserClaimValue
  • getUserClaimValues
  • getUserId
  • setUserClaimValue
  • setUserClaimValues
  • addCredential
  • deleteCredential
  • getCredentials
  • updateCredential
  • addUser
  • addUsers
  • deleteUser
  • getAllUserClaimValues
OAuthAdminService
  • getAppsAuthorizedByUser
  • revokeAuthzForAppsByResoureOwner
  • getAllOAuthApplicationData
  • getAllowedGrantTypes
  • getOAuthApplicationData
  • getOAuthApplicationDataByAppName
  • registerOAuthApplicationData
  • registerOAuthConsumer
  • removeOAuthApplicationData
  • updateConsumerApplication
  • getOAuthApplicationState
  • updateConsumerAppState
  • updateOauthSecretKey
  • isPKCESupportEnabled

  • updateApproveAlwaysForAppConsentByResourceOwner

EntitlementAdminService
  • clearAllAttributeCaches
  • clearAllResourceCaches
  • clearAttributeFinderCache
  • clearAttributeFinderCacheByAt tributes
  • clearCarbonAttributeCache
  • clearCarbonResourceCache
  • clearDecisionCache
  • clearPolicyCache
  • clearResourceFinderCache
  • doTestRequest
  • doTestRequestForGivenPolicies
  • getGlobalPolicyAlgorithm
  • getPDPData
  • getPIPAttributeFinderData
  • getPIPResourceFinderData
  • getPolicyFinderData
  • refreshAttributeFinder
  • refreshPolicyFinders
  • refreshResourceFinder
  • setGlobalPolicyAlgorithm
EntitlementPolicyAdminService
  • addPolicies
  • addPolicy
  • addSubscriber
  • deleteSubscriber
  • dePromotePolicy
  • enableDisablePolicy
  • getAllPolicies
  • getAllPolicyIds
  • getEntitlementData
  • getEntitlementDataModules
  • getLightPolicy
  • getPolicy
  • getPolicyByVersion
  • getPolicyVersions
  • getPublisherModuleData
  • getStatusData
  • getSubscriber
  • getSubscriberIds
  • importPolicyFromRegistry
  • orderPolicy
  • publish
  • publishPolicies
  • publishToPDP
  • removePolicies
  • removePolicy
  • rollBackPolicy
  • updatePolicy
  • updateSubscriber

ClaimManagementService


  • addNewClaimDialect
  • addNewClaimMapping
  • getClaimMappingByDialect
  • getClaimMappings
  • removeClaimDialect
  • removeClaimMapping
  • updateClaimMapping
IdentityApplicationManagementService
  • createApplication
  • deleteApplication
  • getAllApplicationBasicInfo
  • getAllIdentityProviders
  • getAllLocalAuthenticators
  • getAllLocalClaimUris
  • getAllRequestPathAuthenticators
  • getApplication
  • getIdentityProvider
  • updateApplication
IdentityProviderMgtService
  • addIdP
  • deleteIdP
  • getAllFederatedAuthenticators
  • getAllLocalClaimUris
  • getAllProvisioningConnectors
  • getEnabledAllIdPs
  • getIdPByName
  • getResidentIdP
  • updateIdP
  • updateResidentIdP
  • Generic-Operations

STSAdminService



  • addTrustedService
  • getCertAliasOfPrimaryKeyStore
  • getProofKeyType
  • getTrustedServices
  • removeTrustedService
  • setProofKeyType

KeyStoreAdminService

  • addKeyStore
  • addTrustStore
  • deleteStore
  • getKeyStores
  • getKeystoreInfo
  • getPaginatedKeystoreInfo
  • getStoreEntries
  • importCertToStore
  • removeCertFromStore

UserIdentityManagementAdminService



  • changeUserPassword
  • deleteUser
  • getAllChallengeQuestions
  • getAllPromotedUserChallenge
  • getAllUserIdentityClaims
  • getChallengeQuestionsOfUser
  • isReadOnlyUserStore
  • lockUserAccount
  • resetUserPassword
  • setChallengeQuestions
  • setChallengeQuestionsOfUser
  • unlockUserAccount
  • updateUserIdentityClaims
  • disableUserAccount
  • enableUserAccount
/admin/configure/securityChallengeQuestionManagementAdminService
  • deleteChallengeQuestionsOfTenant
  • setUserChallengeAnswers
/admin/configure/security/usermgt/provisioningSCIMConfigAdminService
  • addUserProvider
  • deleteUserProvider
  • getAllUserProviders
  • getUserProvider
  • updateUserProvider
/admin/loginAccountCredentialMgtConfigService
  • getEmailConfig
  • saveEmailConfig

ChallengeQuestionManagementAdminService

  • getChallengeQuestionsOfTenant
  • getChallengeQuestionsForUser
  • getChallengeQuestionsForLocale
  • getUserChallengeAnswers
  • setChallengeQuestionsOfTenant
EntitlementService
  • getAllEntitlements
  • getBooleanDecision
  • getDecision
  • getDecisionByAttributes
  • getEntitledAttributes
  • XACMLAuthzDecisionQuery
IdentityProviderAdminService
  • addOpenID
  • extractPrimaryUserName
  • getAllOpenIDs
  • getPrimaryOpenID
  • removeOpenID
  • getAllIdPs
IWAAuthenticator
  • canHandle
  • login
LoggedUserInfoAdmin
  • getUserInfo
UserAccountAssociationService
  • createUserAccountAssociation
  • deleteUserAccountAssociation
  • deleteMyAssociations
  • getAccountAssociationsOfUser
UserInformationRecoveryService
  • confirmUserSelfRegistration
  • getAllChallengeQuestions
  • getCaptcha
  • getUserChallengeQuestion
  • getUserChallengeQuestionIds
  • getUserIdentitySupportedClaims
  • registerUser
  • sendRecoveryNotification
  • updatePassword
  • verifyAccount
  • verifyConfirmationCode
  • verifyUser
  • verifyUserChallengeAnswer
XMPPConfigurationService
  • addUserXmppSettings
  • editXmppSettings
  • getUserIM
  • getXmppSettings
  • hasXMPPSettings
  • isXMPPSettingsEnabled
/admin/manage IdentitySAMLSSOConfigService
  • addRPServiceProvider
  • getCertAliasOfPrimaryKeyStore
  • getClaimURIs
  • getServiceProviders
  • removeServiceProvider
IdentitySTSAdminService
  • readCardIssuerConfiguration
  • updateCardIssueConfiguration
OAuth2TokenValidationService
  • findOAuthConsumerIfTokenIsValid
  • validate
  • buildIntrospectionResponse
ws­xacml
  • XACMLAuthzDecisionQuery
/admin/manage/modify/serviceProfilesAdminService
  • getUserProfile
  • putUserProfile

SecurityAdminService
  • activateUsernameTokenAuthentication
  • applyKerberosSecurityPolicy
  • applySecurity
  • disableSecurityOnService
  • getScenarios
  • getSecurityConfigData
  • getSecurityScenario
Super tenant level permissions
/protected/configure/componentsProvisioningAdminService
  • getAllInstalledFeatures
  • getInstalledFeatureInfo
  • getInstalledFeaturesWithProperty
  • getLicensingInformation
  • getProfileHistory
  • performProvisioningAction
  • removeAllConsoleFeatures
  • removeAllServerFeatures
  • reviewProvisioningAction
/protected/manage/modify/tenants TenantMgtAdminService
  • activateTenant
  • deactivateTenant
  • deleteTenant
  • updateTenant
/protected/manage/monitor/tenants TenantMgtAdminService
  • addSkeletonTenant
  • addTenant
  • getTenant
  • retrievePaginatedPartialSearchTenants
  • retrievePaginatedTenants
  • retrievePartialSearchTenants
  • retrieveTenants
/protected/tenant­admin RemoteTenantManagerService
  • activateTenant
  • addTenant
  • deactivateTenant
  • deleteTenant
  • getAllTenants
  • getDomain
  • getSuperTenantDomain
  • getTenant
  • getTenantId
  • isTenantActive
  • updateTenant
RemoteUserRealmService
  • getRealmConfiguration
Special cases: These operations require multiple permission levels

/admin/configure/security

/admin/manage/modify/service

DirectoryServerManager
  • addServer
  • changePassword
  • getPasswordConformanceRegularExpression
  • getServiceNameConformanceRegularExpression
  • isExistingServicePrinciple
  • isKDCEnabled
  • listServicePrinciples
  • removeServer
KeyStoreAdminService
  • getKeyStores
  • No labels