Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Application visibility allows


you to prevent users with certain roles from viewing a


web application in the App Store.


 When creating a web application using the App


Publisher, you can make the app




to the public, or restrict its visibility to a particular role(s)



Table of Contents


Web applications with public visibility

Web apps with public visibility, which


are created by a user of a specific tenant domain


, are visible to all users (subscribers


and anonymous users)


 of that domain. Do not select


the Restrict Visibility field if you need to enable public visibility.

Web applications with visibility restricted by roles

Web applications with a visibility restricted to specific roles are visible only to users assigned to that particular role. Specify the user roles that need to have access to the Web web application in the Restrict Visibility fieldRestrict Visibility field.

  • Roles that have Web web application creation and publication permissions can see all applications in their tenant App Store, even if you restrict access to those roles. This is because , any role that has Web web application creation and publication permissions can view and edit all Web web applications in the App Publisher.

  • If you restrict the visibility of a Web web app to a default internal/subscriber role, any user who registers to the App Store is able to access the Web web application. This is because, WSO2 App Manager assigns the internal/subscriber role to all users who register to the App Store.

In WSO2 App Manager, visibility levels work for users in different tenant modes as follows.

Visibility in super tenant domain

Application subscribers in of the default super tenant domain can see applications depending on its visibility level as follows.

  • Anonymous users


    can view all applications with public visibility.

  • Signed-in users : can view all applications with public visibility, as well as applications that are restricted to a role , which is assigned to the signed-up in user.

Visibility in multi-tenant mode

A tenant's App Store is the App Store , which is specific to the tenant domain of the user. Therefore, in multi-tenant mode, a subscriber can view applications based on their visibility levels, as well as the App Store the user is viewing. Any subscriber can view applications of its tenant App Store depending on its visibility level as follows:

  • Anonymous

    users: can

    users can view apps that have public visibility


    and are created within the current user's tenant domain.

  • Signed-in users



    view apps

    view apps that have public visibility




    apps created within the current users tenant

    domain, and also applications created within the current user's tenant domain, which

    domain that are allowed to be accessed by the current user role.

Controlling visibility of a new user role

Follow the steps below


to configure


web application visibility.

  1. Log in to
  2. management console
  3. the Management Console (https://localhost:9443/carbon)
  4. ,
  5. and create a user role named roleA with the permissions given below
  6. permissions
  7. . For information on user roles,
  8. see
  9. see Configuring Users and Roles.
    Image Modified
  10. Create a role
  11. named roleB
  12. named roleB with the same permissions as specified above.
  13. Create a user
  14. named userA
  15. named userA and assign roleA to the user.
  16. Create a user
  17. named userB and assign roleB to
  18. named userB and assign roleB to the user.
  19. Create

  20. a Web
  21. web application.

  22. Since we are going to
  23. To restrict

  24. the
  25. visibility of this

  26. Web
  27. web app to roleA,

  28. enter
  29.  enter roleA

  30. as
  31.  as the value

  32. of Restrict Visibility field,
  33. in the Restrict Visibility field when creating the

  34. Web
  35. app.

  36. For instructions on creating a Web app, see Creating Web Applications.
  37. Publish the Web application. For instructions on publishing a Web app, see Publishing Web Applications.
  38. Access
  39. Note

    In order to create a web app, log in with a user that has the following permissions:

    • All Permissions > Admin Permissions > Configure > Governance and all underlying permissions
    • All Permissions > Admin Permissions > Login
    • All Permissions > Admin Permissions > Manage > API > Create  
    • All Permissions > Admin Permissions > Manage > Resources > Govern and all underlying permissions  
  40. Publish the web application.
  41. Access the App Store as an anonymous user. You
  42. will not view the
  43. are unable to see the newly created application in the App Store.
  44. Log
  45. Now log in to the App Store as userA. You are now able to
  46. view
  47. see the
  48. Web
  49. newly created application.
  50. Log in to the App Store as userB or any other user who is not
  51. assigned with roleA
  52. assigned roleA. You
  53. will not be able to view the Web application since it is restricted only
  54. are unable to see the application as visibility is restricted to roleA.