This documentation is for WSO2 IoT Server 3.1.0. View the documentation for the latest release.
Configuring Role Permissions - IoT Server 3.1.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

This section provides details on how to configure permissions by defining permissions to an API and the permissions associated with the APIs.

Defining permissions for APIs

If you wish to create additional permission, follow the steps given below:

  1. Navigate to the JAX-RS web application that of your device types API folder. For more information, see the permission XML file of the virtual fire-alarm.
  2. Define the new permission using the @permission annotation.
    The scope defines to whom the API is limited to and the permission that is associated with a given API.

    @Permission(scope = "virtual_firealarm_user", permissions = {"/permission/admin/device-mgt/user/operations"})
  3. Restart WSO2 IoT Server and you will see the new permission created in the permission tree.
    Now only users who have this specific permission assigned to them will be able to control the buzzer of the fire-alarm.

Permission APIs

Let's take a look at the default permissions associated with the APIs.

Permission related to WSO2 IoT Server Administrator

device-mgt/admin/dashboardPermission to access the WSO2 IoT Server analytics dashboard.
device-mgt/admin/devicesPermission to access the APIs related to devices.
device-mgt/admin/devices/listPermission to access the get all devices API.
device-mgt/admin/devices/viewPermission to access and retrieve device information from the APIs.
device-mgt/admin/groupsPermission to access the APIs related to groups.
device-mgt/admin/groups/listPermission to access the get all groups API.
device-mgt/admin/groups/roles/Permission to access the API that gets all the roles added to a group.
device-mgt/admin/groups/roles/permissionPermission to access the API that gets all the permissions associates with the roles that can access groups.
device-mgt/admin/groups/roles/addPermission to access the API that enable a role to be added to a group.
device-mgt/admin/groups/roles/deletePermission to access the API that enable a role to be deleted from a group.
device-mgt/admin/information/getPermission to access the get all information API.
device-mgt/admin/notificationsPermission to access the APIs related to notifications
device-mgt/admin/notifications/addPermission to access the add notification API.
device-mgt/admin/notifications/updatePermission to access the update notification API.
device-mgt/admin/notifications/viewPermission to access the view notification API.
device-mgt/admin/operationsPermission to access the APIs related to operations.
device-mgt/admin/operations/applicationPermission to access the APIs related to application operations, such as installing, uninstalling and viewing applications.
device-mgt/admin/operations/application/install-applicationsPermission to access the install application API.
device-mgt/admin/operations/application/uninstall-applicationsPermission to access the uninstall application API.
device-mgt/admin/operations/application/view-applicationsPermission to access the view application API.
device-mgt/admin/platform-configsPermission to access the platform configurations API.
Example: Platform configurations can be used to configure the the device communication mechanisam, such as MQTT, XMPP or any other method.
device-mgt/admin/platform-configs/addPermission to access the add platform configurations API.
device-mgt/admin/platform-configs/modifyPermission to modify a platform configuration API.
device-mgt/admin/platform-configs/viewPermission to access the get all platform configuration details API.
device-mgt/admin/policiesPermission to access all the APIs related to managing policies.
device-mgt/admin/policies/addPermission to access the add policy API.
device-mgt/admin/policies/listPermission to access the get all policies API.
device-mgt/admin/policies/removePermission to access the delete policy API.
device-mgt/admin/policies/updatePermission to access the update policy API.
device-mgt/admin/rolesPermission to access the APIs related to roles, such as getting details, adding deleting and updating roles.
device-mgt/admin/roles/addPermission to access the add role API.
device-mgt/admin/roles/listPermission to access the get all roles API.
device-mgt/admin/roles/removePermission to access the delete role API.
device-mgt/admin/roles/updatePermission to access the update role API.
device-mgt/admin/searchPermission to access the search device API.
device-mgt/admin/usersPermission to access the APIs that are realted to adding, inviting, getting details, updating, deleting and resetting password of users.
device-mgt/admin/users/addPermission to access the add user API.
device-mgt/admin/users/invitePermission to access the invite user API.
device-mgt/admin/users/listPermission to access the get all users API.
device-mgt/admin/users/password-resetPermission to access the password reset API.
device-mgt/admin/users/removePermission to access the delete user API.
device-mgt/admin/users/updatePermission to access the update user API.

Permission to access and retrieve user information from the APIs.

Permission related to APIs

device-mgt/api/application/addPermission to access the create an API application, API.
device-mgt/api/application/removePermission to access the delete an API application, API.

Permission related to WSO2 IoT Server device management users

device-mgt/userPermission to access the APIs that are related to users.
device-mgt/user/devicesPermission to access the devices APIs.
device-mgt/user/devices/listPermission to access the get all devices API.
device-mgt/user/devices/removePermission to access the delete device API.
device-mgt/user/devices/updatePermission to access the update device API.
device-mgt/user/devices/viewPermission to access the retrieve and get all device information API.
device-mgt/user/groupsPermission to access the device group APIs.
device-mgt/user/groups/addPermission to access the add a group API.
device-mgt/user/groups/deletePermission to access the delete a group API.
device-mgt/user/groups/devicesPermission to access the API that gets all the devices in a group.
device-mgt/user/groups/devices/addPermission to access the add a device to a group API.
device-mgt/user/groups/devices/countPermission to access the number of devices in a group API.
device-mgt/user/groups/devices/listPermission to access the API that gets all the device information in a group/
device-mgt/user/groups/devices/removePermission to access the delete a device from a group API.
device-mgt/user/groups/listPermission to access the API that gets all the groups.
device-mgt/user/groups/rolesPermission to access the API that gets roles associated with a group.
device-mgt/user/groups/sharePermission to access the API that gets the details of the shared groups.
device-mgt/user/groups/unsharePermission to access the API that gets the details of the groups that are not shared.
device-mgt/user/groups/updatePermission to access update group API.
device-mgt/user/groups/usersPermission to access APIs that are related to users in a group.
device-mgt/user/groups/users/listPermission to access the API that gets the users in a group.
device-mgt/user/groups/users/permissionPermission to access the API that gets the permission details of the users in a group.
device-mgt/user/groups/viewPermission to access the API that gets all the information about the groups.
device-mgt/user/notifications Permission to access the notifications API.
device-mgt/user/operationPermission to access the operation APIs.
device-mgt/user/policiesPermission to access the policies APIs.
device-mgt/user/policies/addPermission to access the add a policy API.
device-mgt/user/policies/updatePermission to access the update a policy API.
]device-mgt/user/statsPermission to access the get device statistics API.

Other permissions

loginEnables users to log in.

  • No labels