This documentation is for WSO2 API Manager 2.0.0. View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Roles contain permissions for users to manage the server. They


can be reused and they eliminate the overhead of granting permissions to users individually.

Throughout this documentation, we use the following roles that are typically used in many enterprises. You can also define different user roles depending on your requirements.

  • admin: The API management provider who hosts and manages the API Gateway. S/he is responsible for creating user roles in the system, assign them roles, managing databases, security etc. The Admin role is available by default with the credentials admin/admin.
  • creator: A creator is typically a person in a technical role who understands the technical aspects of the API (interfaces, documentation, versions etc.) and uses the API publisher to provision APIs into the API store. The creator uses the API Store to consult ratings and feedback provided by API users. Creator can add APIs to the store but cannot manage their lifecycle.
  • publisher: A person in a managerial role and overlooks a set of APIs across the enterprise and controls the API lifecycle, subscriptions and monetization aspects. The publisher is also interested in usage patterns for APIs and has access to all API statistics.
  • subscriber: A user or an application developer who searches the  API store to discover APIs and use them. S/he reads the documentation and forums, rates/comments on the APIs, subscribes to APIs, obtains access tokens and invokes the APIs.

Follow Follow the instructions below to create the creator, publisher and subscriber roles in the API Manager.

Create user roles

  1. Log in to the management console (https://localhost:9443/carbon) as admin (default credentials are admin/admin).
  2. Select

    In the Main menu, click Add under Users and Roles

    under the Configure menu.   Image Removed
  3. In the User Management page that opens, click Roles.
    Image Removed

  4. Click.   
    Image Added

  5. Click Add New Role.
    Image RemovedImage Added

  6. Enter the name of the user role (e.g., creator) and click Next.
    Image Modified


    Tip: The Domain drop-down list contains all user stores configured in the system. By default, you only have the PRIMARY user store. To configure secondary user stores, see Configuring Secondary User Stores.

  7. The permissions page opens. Select the permissions according to the role that you create. The table below lists the permissions of the creator, publisher and subscriber roles:

    • Configure > Governance and all underlying permissions.
    • Login
    • Manage > API > Create Create 
    • Manage > Resources > Govern and all underlying permissions permissions 
    Image RemovedImage Added
    • Login
    • Manage > API > Publish
    Image RemovedImage Added


    • Login
    • Manage > API > Subscribe


  8. Click Finish once you are done adding permissionpermissions.