This documentation is for WSO2 API Manager 1.6.0 View documentation for the latest release.
Page Comparison - User Roles in the API Manager (v.7 vs v.8) - API Manager 1.6.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Log in to the Management Console (https://localhost:9443/carbon) and select Users and Roles under the Configure menu. For instructions on accessing the Management Console, see Running the Product.
  2. In the User Management  page that opens, click Roles and Add New Role link.
    Table of Contents
    maxLevel4
    minLevel4

    Adding the creator role

  3. Add user role as creator and click Next.  The Domain drop-down list contains all user stores configured for this product instance. By default, you only have the PRIMARY user store. To configure secondary user stores, see Configuring Secondary User Stores.
  4. Give the following privileges to the creator role. You can select them from the list of permissions that appears.
    • Configure > Governance and all underlying permissions.
    • Login
    • Manage > API > Create
    • Manage > Resources > Govern and all underlying permissions

      Image RemovedImage Added   
      Any user with the above permissions assigned is able to create, update and manage APIs using the  API Publisher  Web interface.

  5. Click Finish once you are done adding permission. The role will be listed in the Roles window as follows:

    From here, you can rename, edit, delete or assign users to the role.

    Adding the publisher role

  6. In the Add Role page, add user role as publisher and click Next.  The Domain drop-down list contains all user stores configured for this product instance. By default, you only have the PRIMARY user store. To configure secondary user stores, see Configuring Secondary User Stores.
  7. Give the following privileges to the publisher role by selecting them from the list of permissions that appears.  
    • Login
    • Manage > API > Publish

    Image Removed Image Added
      Any user with the above permissions assigned is able to manage the API's life cycle using the API Publisher Web interface.  

  8. Click Finish once you are done adding permission. The role will be listed in the Roles window as follows:

    From here, you can rename, edit, delete or assign users to the role. 

    The default subscriber role

    When you first log in to the Management Console, you can see the subscriber role already there, defined out of the box. The reason is because API Manager assigns this default subscriber role to all users who self-register to the API Store. 

    Follow the instructions below to create a different role with the same permission levels.

  9. In the Add Role window, add a suitable name for the role and click Next.   For For example,
  10. Give the following privileges to the new role.

    • Login
    • Manage > API > Subscribe

    Image RemovedImage Added

    Any user with the above permissions assigned is able to log in to the API Store and perform operations on the published APIs. 

  11. Click Finish once you are done adding permission. The role will be listed in the Roles window.
  12. Open <APIM_HOME>/repository/conf/ api-manager.xml file and edit the <SelfSignUp> element to reflect the newly added role. For example,

    Code Block
    languagehtml/xml
    <SelfSignUp>
         <Enabled>true</Enabled>
         <SubscriberRoleName>NewSubscriber</SubscriberRoleName>
         <CreateSubscriberRole>true</CreateSubscriberRole>
    </SelfSignUp>

    Editing this file ensures that all users who self-sign-up to API Store are automatically assigned the NewSubscriber role.

    Info

    Note: The <CreateSubscriberRole> parameter specifies whether the subscriber role should be created in the local user store or not. It is only used when the API subscribers are authenticated against the local user store. That means the local Carbon server is acting as the AuthManager.

    Set this parameter to false if a remote Carbon server acts as the AuthManager.