This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - User Management (v.6 vs v.7) - Identity Server 5.0.0 - WSO2 Documentation


WSO2 Identity Server supports the role-based authentication model, where the privileges of a user are based on the roles attached to that user.

A user is associated with one or more roles (generally specified upon user creation), and each role is associated with zero or more permissions (also generally specified upon user creation). Therefore, the set of permissions owned by a user is determined by the roles assigned to that user. If a user has several assigned roles, their permissions are added together.

By default, Identity Server comes with the following roles:

  • Admin - Provides full access to all features and controls. By default, the user "Admin" is assigned to both the "Admin" and the "Everyone" roles.
  • Everyone - Every new user is assigned to this role by default. It does not include any permissions.
  • System - This role is not visible in the Management Console.

The Identity Server UI does not allow you to configure the permissions assigned to the "Admin" role.

Before you begin your configurations, note the following:


Your product has a primary user store where the users/roles that you create using the Management Console are stored by default. Its default RegEx configurations are as follows. RegEx configurations ensure that parameters like the length of a user name/password meet the requirements of the user store.

PasswordJavaRegEx-------- ^[\S]{5,30}$
PasswordJavaScriptRegEx-- ^[\S]{5,30}$
UsernameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
UsernameJavaScriptRegEx-- ^[\S]{3,30}$
RolenameJavaRegEx-------- ^~!#$;%*+={}\\{3,30}$
RolenameJavaScriptRegEx-- ^[\S]{3,30}$


User management functionality is provided by default in all WSO2 Carbon-based products and is configured in the user-mgt.xml file found in the <PRODUCT_HOME>/repository/conf/ directory.


The permission model of WSO2 Identity Server is hierarchical. Permissions can be assigned to a role in a fine-grained or a coarse-grained manner.
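
The union-of-roles rule and the hierarchical permission tree described above can be modelled as follows. This is an added Python example, not WSO2 code: the "Operator" and "Helpdesk" roles and every permission path are assumptions made for illustration, and only "Admin" and "Everyone" come from this page.

```python
import posixpath

# Constructed sample data: "Admin" and "Everyone" are the page's default roles;
# "Operator", "Helpdesk" and every permission path are assumptions for illustration.
ROLE_PERMISSIONS = {
    "Everyone": set(),                                    # no permissions by default
    "Admin": {"/permission"},                             # full access, modelled as the tree root
    "Operator": {"/permission/admin/manage"},             # coarse-grained: a whole subtree
    "Helpdesk": {"/permission/admin/manage/users/view"},  # fine-grained: a single leaf
}


def effective_permissions(roles, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions of every assigned role; unknown roles grant nothing."""
    granted = set()
    for role in roles:
        granted |= role_permissions.get(role, set())
    return granted


def covers(granted, requested):
    """A granted node authorizes itself and its descendants, compared per path segment."""
    base = granted.rstrip("/")
    return requested == base or requested.startswith(base + "/")


def is_authorized(roles, requested, role_permissions=ROLE_PERMISSIONS):
    """Deny by default; normalize the path first so '..' cannot escape a granted subtree."""
    requested = posixpath.normpath(requested)
    return any(covers(g, requested) for g in effective_permissions(roles, role_permissions))


def redundant_grants(roles, role_permissions=ROLE_PERMISSIONS):
    """Fine-grained grants already implied by a coarser grant in the same union (review aid)."""
    granted = effective_permissions(roles, role_permissions)
    return {p for p in granted if any(q != p and covers(q, p) for q in granted)}


if __name__ == "__main__":
    user_roles = ["Everyone", "Operator", "Helpdesk"]
    print(sorted(effective_permissions(user_roles)))
    print(is_authorized(user_roles, "/permission/admin/manage/users/add"))
    print(is_authorized(user_roles, "/permission/admin/management"))
    print(is_authorized(user_roles, "/permission/admin/manage/../configure"))
    print(sorted(redundant_grants(user_roles)))
```

The segment-wise comparison in `covers` is what keeps a grant on one node from matching a sibling whose name merely shares the same prefix.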


WSO2 Carbon maintains roles and permissions in the Carbon database, but it can also read users/roles from the configured User Store.

For detailed information on configuring users, roles, and permissions, see the following pages:
