Skip to content

Commit

Permalink
Merge pull request #7930 from shnrndk/adminrolebasemaster
Browse files Browse the repository at this point in the history
Update Role based access control for Admin Portal doc
  • Loading branch information
tharikaGitHub authored May 2, 2024
2 parents cc67127 + 39f2fca commit 874c58e
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 0 deletions.
26 changes: 26 additions & 0 deletions en/docs/administer/role-based-access-control.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,32 @@
Super admin can restrict each section in the admin portal based on the scopes. Please follow the
below scopes chart to define scopes.

## Step 1 - Create a new role

1. Sign in to WSO2 Management Console ( `https://<Server Host>:9443+<port offset>/carbon` )
2. Click `Add` under `Users and Role` and click on `Add New Role`.
3. Give a name for the role and click `next`.
4. In the permissions screen give the necessary permissions. For example we can enable the `Login` permission.

## Step 2 - Create a new user

1. Click `Add` under `Users and Role` and click on `Add New User`.
2. Give an username, password and click `next`.
3. On the `Users of role` screen, choose and assign the role previously created to the new user.

## Step 3 - Assign scopes for the user

1. Sign in to WSO2 the Admin portal ( `https://<Server Host>:9443+<port offset>/admin` ) as the super admin or tenant admin
2. Click `Scope Assignments` in the left sidebar and click on `Add scope mappings` .
3. In the `Provide role name` text input give the role name which was previously created in step 1 and then click `next`.
4. In the `Select Permissions` menu, select the `Custom scope assignments` option. And select the scopes that you want to assign for the newly created role. You can refer the following table when assigning the scopes. For example, If the admin wants the newly created user to access the key managers settings in the admin portal he can assign `apim:keymanagers_manage`, `apim:tenantInfo`, and `apim:admin_settings`.

[![Add admin Scope Mapping For Role Based Access Control]({{base_path}}/assets/img/administer/add-admin-scope-mapping-role-based-access.png)]({{base_path}}/assets/img/administer/add-admin-scope-mapping-role-based-access.png)

5. Finally, login to the admin portal as the newly created user which was created in step 2. The user can only access the `Key Managers` settings page.

[![View Admin After Adding Role Based Access Control]({{base_path}}/assets/img/administer/view-admin-after-adding-role-based-access-control.png)]({{base_path}}/assets/img/administer/view-admin-after-adding-role-based-access-control.png)

| **Admin portal Menu** | **scopes** |
|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| Rate Limiting Policies | apim:admin_tier_view, apim:admin_tier_manage, apim:tenantInfo, apim:bl_view, apim:bl_manage, apim:admin_settings |
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 874c58e

Please sign in to comment.