Application visibility allows
you to prevent users with certain roles from viewing a
web application in the App Store.
When creating a web application using the App
Publisher, you can make the app
to the public, or restrict its visibility to a particular role(s)
Table of Contents maxLevel 3
Web applications with public visibility
Web apps with public visibility, which
are created by a user of a specific tenant domain
, are visible to all users (subscribers
and anonymous users)
of that domain. Do not select
the Restrict Visibility field if you need to enable public visibility.
Web applications with visibility restricted by roles
Web applications with a visibility restricted to specific roles are visible only to users assigned to that particular role. Specify the user roles that need to have access to the Web web application in the Restrict Visibility fieldRestrict Visibility field.
In WSO2 App Manager, visibility levels work for users in different tenant modes as follows.
Visibility in super tenant domain
Application subscribers in of the default super tenant domain can see applications depending on its visibility level as follows.
can view all applications with public visibility.
- Signed-in users : can view all applications with public visibility, as well as applications that are restricted to a role , which is assigned to the signed-up in user.
Visibility in multi-tenant mode
A tenant's App Store is the App Store , which is specific to the tenant domain of the user. Therefore, in multi-tenant mode, a subscriber can view applications based on their visibility levels, as well as the App Store the user is viewing. Any subscriber can view applications of its tenant App Store depending on its visibility level as follows:
users can view apps that have public visibility,
and are created within the current user's tenant domain.
view apps that have public visibility,
apps created within the current users tenantdomain, and also applications created within the current user's tenant domain, which
domain that are allowed to be accessed by the current user role.
Controlling visibility of a new user role
Follow the steps below
web application visibility.
- Log in to management console
- the Management Console (
- and create a user role named roleA with the permissions given below permissions
- . For information on user roles, see
- see Configuring Users and Roles.
- Create a role named roleB
- named roleB with the same permissions as specified above.
- Create a user named userA
- named userA and assign roleA to the user.
- Create a user named userB and assign roleB to
- named userB and assign roleB to the user.
Create a Web
- Since we are going to
To restrict the
visibility of this Web
web app to roleA, enter
as the value of Restrict Visibility field,
in the Restrict Visibility field when creating the Web
app. For instructions on creating a Web app, see Creating Web Applications.
- Publish the Web application. For instructions on publishing a Web app, see Publishing Web Applications. Access
In order to create a web app, log in with a user that has the following permissions:
- All Permissions > Admin Permissions > Configure > Governance and all underlying permissions
- All Permissions > Admin Permissions > Login
- All Permissions > Admin Permissions > Manage > API > Create
- All Permissions > Admin Permissions > Manage > Resources > Govern and all underlying permissions
- Publish the web application.
- Access the App Store as an anonymous user. You will not view the
- are unable to see the newly created application in the App Store. Log
- Now log in to the App Store as userA. You are now able to view
- see the Web
- newly created application.
- Log in to the App Store as userB or any other user who is not assigned with roleA
- assigned roleA. You will not be able to view the Web application since it is restricted only
- are unable to see the application as visibility is restricted to roleA.