Configuring Role Permissions

This section provides details on how to configure permissions by defining permissions to an API and the permissions associated with the APIs.

Defining permissions for APIs

If you wish to create additional permission, follow the steps given below:

Navigate to the JAX-RS web application that of your device types API folder. For more information, see the permission XML file of the virtual fire-alarm.
Define the new permission using the @permission annotation.
The scope defines to whom the API is limited to and the permission that is associated with a given API.
Example:
```
@Permission(scope = "virtual_firealarm_user", permissions = {"/permission/admin/device-mgt/user/operations"})
```
Restart WSO2 IoT Server and you will see the new permission created in the permission tree.
Now only users who have this specific permission assigned to them will be able to control the buzzer of the fire-alarm.

Permission APIs

Let's take a look at the default permissions associated with the APIs.

Permission related to WSO2 IoT Server Administrator

Permission	Description
`device-mgt/admin/dashboard`	Permission to access the WSO2 IoT Server analytics dashboard.
`device-mgt/admin/devices`	Permission to access the APIs related to devices.
`device-mgt/admin/devices/list`	Permission to access the get all devices API.
`device-mgt/admin/devices/view`	Permission to access and retrieve device information from the APIs.
`device-mgt/admin/groups`	Permission to access the APIs related to groups.
`device-mgt/admin/groups/list`	Permission to access the get all groups API.
`device-mgt/admin/groups/roles/`	Permission to access the API that gets all the roles added to a group.
`device-mgt/admin/groups/roles/permission`	Permission to access the API that gets all the permissions associates with the roles that can access groups.
`device-mgt/admin/groups/roles/add`	Permission to access the API that enable a role to be added to a group.
`device-mgt/admin/groups/roles/delete`	Permission to access the API that enable a role to be deleted from a group.
`device-mgt/admin/information/get`	Permission to access the get all information API.
`device-mgt/admin/notifications`	Permission to access the APIs related to notifications
`device-mgt/admin/notifications/add`	Permission to access the add notification API.
`device-mgt/admin/notifications/update`	Permission to access the update notification API.
`device-mgt/admin/notifications/view`	Permission to access the view notification API.
`device-mgt/admin/operations`	Permission to access the APIs related to operations.
`device-mgt/admin/operations/application`	Permission to access the APIs related to application operations, such as installing, uninstalling and viewing applications.
`device-mgt/admin/operations/application/install-applications`	Permission to access the install application API.
`device-mgt/admin/operations/application/uninstall-applications`	Permission to access the uninstall application API.
`device-mgt/admin/operations/application/view-applications`	Permission to access the view application API.
`device-mgt/admin/platform-configs`	Permission to access the platform configurations API. Example: Platform configurations can be used to configure the the device communication mechanisam, such as MQTT, XMPP or any other method.
`device-mgt/admin/platform-configs/add`	Permission to access the add platform configurations API.
`device-mgt/admin/platform-configs/modify`	Permission to modify a platform configuration API.
`device-mgt/admin/platform-configs/view`	Permission to access the get all platform configuration details API.
`device-mgt/admin/policies`	Permission to access all the APIs related to managing policies.
`device-mgt/admin/policies/add`	Permission to access the add policy API.
`device-mgt/admin/policies/list`	Permission to access the get all policies API.
`device-mgt/admin/policies/remove`	Permission to access the delete policy API.
`device-mgt/admin/policies/update`	Permission to access the update policy API.
`device-mgt/admin/roles`	Permission to access the APIs related to roles, such as getting details, adding deleting and updating roles.
`device-mgt/admin/roles/add`	Permission to access the add role API.
`device-mgt/admin/roles/list`	Permission to access the get all roles API.
`device-mgt/admin/roles/remove`	Permission to access the delete role API.
`device-mgt/admin/roles/update`	Permission to access the update role API.
`device-mgt/admin/search`	Permission to access the search device API.
`device-mgt/admin/users`	Permission to access the APIs that are realted to adding, inviting, getting details, updating, deleting and resetting password of users.
`device-mgt/admin/users/add`	Permission to access the add user API.
`device-mgt/admin/users/invite`	Permission to access the invite user API.
`device-mgt/admin/users/list`	Permission to access the get all users API.
`device-mgt/admin/users/password-reset`	Permission to access the password reset API.
`device-mgt/admin/users/remove`	Permission to access the delete user API.
`device-mgt/admin/users/update`	Permission to access the update user API.
`device-mgt/admin/users/view`	Permission to access and retrieve user information from the APIs.

Permission related to APIs

Permission	Description
`device-mgt/api/application/add`	Permission to access the create an API application, API.
`device-mgt/api/application/remove`	Permission to access the delete an API application, API.

Permission related to WSO2 IoT Server device management users

Permission	Description
`device-mgt/user`	Permission to access the APIs that are related to users.
`device-mgt/user/devices`	Permission to access the devices APIs.
`device-mgt/user/devices/list`	Permission to access the get all devices API.
`device-mgt/user/devices/remove`	Permission to access the delete device API.
`device-mgt/user/devices/update`	Permission to access the update device API.
`device-mgt/user/devices/view`	Permission to access the retrieve and get all device information API.
`device-mgt/user/groups`	Permission to access the device group APIs.
`device-mgt/user/groups/add`	Permission to access the add a group API.
`device-mgt/user/groups/delete`	Permission to access the delete a group API.
`device-mgt/user/groups/devices`	Permission to access the API that gets all the devices in a group.
`device-mgt/user/groups/devices/add`	Permission to access the add a device to a group API.
`device-mgt/user/groups/devices/count`	Permission to access the number of devices in a group API.
`device-mgt/user/groups/devices/list`	Permission to access the API that gets all the device information in a group/
`device-mgt/user/groups/devices/remove`	Permission to access the delete a device from a group API.
`device-mgt/user/groups/list`	Permission to access the API that gets all the groups.
`device-mgt/user/groups/roles`	Permission to access the API that gets roles associated with a group.
`device-mgt/user/groups/share`	Permission to access the API that gets the details of the shared groups.
`device-mgt/user/groups/unshare`	Permission to access the API that gets the details of the groups that are not shared.
`device-mgt/user/groups/update`	Permission to access update group API.
`device-mgt/user/groups/users`	Permission to access APIs that are related to users in a group.
`device-mgt/user/groups/users/list`	Permission to access the API that gets the users in a group.
`device-mgt/user/groups/users/permission`	Permission to access the API that gets the permission details of the users in a group.
`device-mgt/user/groups/view`	Permission to access the API that gets all the information about the groups.
`device-mgt/user/notifications`	Permission to access the notifications API.
`device-mgt/user/operation`	Permission to access the operation APIs.
`device-mgt/user/policies`	Permission to access the policies APIs.
`device-mgt/user/policies/add`	Permission to access the add a policy API.
`device-mgt/user/policies/update`	Permission to access the update a policy API.
`]device-mgt/user/stats`	Permission to access the get device statistics API.

Other permissions

Permission	Description
`login`	Enables users to log in.