This documentation is for WSO2 IoT Server 3.2.0. View the documentation for the latest release.
Page Comparison - Product Administration (v.2 vs v.3) - IoT Server 3.2.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Configuring the System AdministratorThe admin user is the super tenant that will be able to manage all other users, roles and permissions in the system by using the management console of the product. Therefore, the user that should have admin permissions is required to be stored in the primary user store when you start the system for the first time. The documentation on setting up primary user stores will explain how to configure the administrator while configuring the user store. The information under this topic will explain the main configurations that are relevant to setting up the system administrator.
Configuring the Authorization ManagerAccording to the default configuration in WSO2 products, the users, roles and permissions are stored in the same repository (i.e., the default, embedded H2 database). However, you can change this configuration in such a way that the users and roles are stored in one repository (user store) and the permissions are stored in a separate repository. A user store can be a typical RDBMS, an LDAP or an external Active Directory. 

The repository that stores permissions should always be an RDBMS. The Authorization Manager configuration in the user-mgt.xml file (stored in the <PRODUCT_HOME>/conf/ directory) connects the system to this RDBMS. The information under this topic will instruct you through setting up and configuring the Authorization Manager.  

Configuring User Stores

The user management feature in WSO2 products allows you to maintain multiple user stores for your system that are used to store the users and their roles. The following topics guide you through configuring the user stores:

Configuring UsersTo enable users to log into the management console, you create user accounts and assign them roles, which are sets of permissions. You can add individual users or import users in bulk.


Configuring security

After you install WSO2 IoT Server, it is recommended to change the default security settings according to the requirements of your production environment. As WSO2 IoT Server is built on top of the WSO2 Carbon Kernel, the main security configurations applicable to IoT Server are inherited from the Carbon kernel.


Monitoring Logs using Management Console

Monitoring logs using the management console of your product is possible with the Logging Management feature. To use this feature, see the following topics:

  • Configuring Log4j Properties


    The WSO2 IoT Server's Log4j property files can be found here:

    Core profile<IOTS_HOME>/conf/
    Analytics profile<IOTS_HOME>/wso2/analytics/conf/
    Broker profile<IOTS_HOME>/wso2/broker/conf/
  • Configuring the Log Provider


    The WSO2 IoT Server's carbon log files can be found here:

    Core profile<IOTS_HOME>/repository/logs
    Analytics profile<IOTS_HOME>/wso2/analytics/repository/logs
    Broker profile<IOTS_HOME>/wso2/broker/repository/logs
  • View and Download Logs
HTTP Access Logging HTTP Requests/Responses are logged in the access log(s) and are helpful to monitor your application's usage activities, such as the persons who access it, how many hits it receives, what the errors are etc. This information is useful for troubleshooting. As the runtime of WSO2 products is based on Apache Tomcat, you can use the Access_Log_Valve variable in Tomcat 7, as explained in this topic, to configure HTTP access logs in WSO2 products.

You can also customize the access logs based on the supported Access Log Valve attributes.