diff --git a/en/docs/administer/role-based-access-control.md b/en/docs/administer/role-based-access-control.md index cc89dc619d..9ed722606d 100644 --- a/en/docs/administer/role-based-access-control.md +++ b/en/docs/administer/role-based-access-control.md @@ -3,6 +3,32 @@ Super admin can restrict each section in the admin portal based on the scopes. Please follow the below scopes chart to define scopes. +## Step 1 - Create a new role + +1. Sign in to WSO2 Management Console ( `https://:9443+/carbon` ) +2. Click `Add` under `Users and Role` and click on `Add New Role`. +3. Give a name for the role and click `next`. +4. In the permissions screen give the necessary permissions. For example we can enable the `Login` permission. + +## Step 2 - Create a new user + +1. Click `Add` under `Users and Role` and click on `Add New User`. +2. Give an username, password and click `next`. +3. On the `Users of role` screen, choose and assign the role previously created to the new user. + +## Step 3 - Assign scopes for the user + +1. Sign in to WSO2 the Admin portal ( `https://:9443+/admin` ) as the super admin or tenant admin +2. Click `Scope Assignments` in the left sidebar and click on `Add scope mappings` . +3. In the `Provide role name` text input give the role name which was previously created in step 1 and then click `next`. +4. In the `Select Permissions` menu, select the `Custom scope assignments` option. And select the scopes that you want to assign for the newly created role. You can refer the following table when assigning the scopes. For example, If the admin wants the newly created user to access the key managers settings in the admin portal he can assign `apim:keymanagers_manage`, `apim:tenantInfo`, and `apim:admin_settings`. + + [![Add admin Scope Mapping For Role Based Access Control]({{base_path}}/assets/img/administer/add-admin-scope-mapping-role-based-access.png)]({{base_path}}/assets/img/administer/add-admin-scope-mapping-role-based-access.png) + +5. Finally, login to the admin portal as the newly created user which was created in step 2. The user can only access the `Key Managers` settings page. + + [![View Admin After Adding Role Based Access Control]({{base_path}}/assets/img/administer/view-admin-after-adding-role-based-access-control.png)]({{base_path}}/assets/img/administer/view-admin-after-adding-role-based-access-control.png) + | **Admin portal Menu** | **scopes** | |------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| | Rate Limiting Policies | apim:admin_tier_view, apim:admin_tier_manage, apim:tenantInfo, apim:bl_view, apim:bl_manage, apim:admin_settings | diff --git a/en/docs/assets/img/administer/add-admin-scope-mapping-role-based-access.png b/en/docs/assets/img/administer/add-admin-scope-mapping-role-based-access.png new file mode 100644 index 0000000000..3caf7fd1f8 Binary files /dev/null and b/en/docs/assets/img/administer/add-admin-scope-mapping-role-based-access.png differ diff --git a/en/docs/assets/img/administer/view-admin-after-adding-role-based-access-control.png b/en/docs/assets/img/administer/view-admin-after-adding-role-based-access-control.png new file mode 100644 index 0000000000..ed1638f003 Binary files /dev/null and b/en/docs/assets/img/administer/view-admin-after-adding-role-based-access-control.png differ