This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Log in to the management console (https://<APIM_Host>:<APIM_Port>/admin) as admin (default credentials are admin/admin).
  2. In the Main menu, click Add under Users and Roles.   

  3. Click Add New Role.

  4. Enter the name of the user role (e.g., creator) and click Next.


    Tip: The Domain drop-down list contains all user stores configured in the system. By default, you only have the PRIMARY user store. To configure secondary user stores, see Configuring Secondary User Stores.

  5. The permissions page opens. Select the permissions according to the role that you create. The table below lists the permissions of the creator, publisher and subscriber roles which are available by default:

    • Configure > Governance and all underlying permissions.
    • Login
    • Manage > API > Create 
    • Manage > Resources > Govern and all underlying permissions 
    • Login
    • Manage > API > Publish


    • Login
    • Manage > API > Subscribe

  6. Click Finish once you are done adding permissions.


When a subscriber user creates an application and subscribes to an APIgenerates token, a role is created automatically as shown belowin the following format.

Code Block

These roles are do not assigned have any permissions when created. The application assigned but used manage the visibility of the corresponding service provider created in Key Manager, with the format of '<username>_<applicationName>_PRODUCTION'. The created service provider is visible only to users of that particular rolewith the aforementioned role which has been generated automatically. For other users to be able to view the service provider created per each application, a user with admin privileges has to assign the role to the users.