WSO2 Governance Registry - Users and Roles

Overview

Managing users and roles is critical to the Governance Registry. The registry can be used to store personal as well as public data, and also to facilitate the sharing of resources. Management of users, roles and the relevant permissions is handled by a number of components.

The Registry Realm

The Registry Realm is an extension of the User Realm to better suit the environment of the registry. The User Realm is responsible for managing, authenticating and authorizing users and roles, with a mix of capabilities covering various server operations. In addition to storing the permission model for running the WSO2 Carbon server, the User Realm can be extended to manage any model of similar permissions. The Registry Realm and related implementations have been designed to manage permissions related to resources and collections in the registry.

Authorizations

A user or role can be authorized to perform one or more operations on a particular resource or collection.

    AccessControlAdmin accessControlAdmin = registryRealm.getAccessControlAdmin();
    accessControlAdmin.authorizeUser(userName, path, action);
    accessControlAdmin.authorizeRole(roleName, path, action);

Similarly, you can deny a user or role permission to perform one or more operations on a particular resource or collection. Authorizing and denying are mutually exclusive operations.

    AccessControlAdmin accessControlAdmin = registryRealm.getAccessControlAdmin();
    accessControlAdmin.denyUser(userName, path, action);
    accessControlAdmin.denyRole(roleName, path, action);

The path can be the path of any valid resource or collection in the registry, while the action can be one of get, put, delete and authorize. Each of these has a corresponding constant (e.g. ActionConstants.GET).

You can also copy authorizations from one path to another.

    registryRealm.getAccessControlAdmin().copyAuthorizations(sourcePath, targetPath);
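The following added example (not code from the original page or from WSO2) gives every role an explicit authorize or deny decision for each of the four actions on a collection, then copies the result to a second path. The `AccessControl` interface is a local stand-in for the methods shown above, and the role names, paths and action strings are constructed placeholders.

```java
import java.util.*;

public class RegistryAclPolicy {
    // Stand-in for the AccessControlAdmin methods shown above; the real
    // interface's package and checked exceptions are not given on this page.
    interface AccessControl {
        void authorizeRole(String roleName, String path, String action) throws Exception;
        void denyRole(String roleName, String path, String action) throws Exception;
        void copyAuthorizations(String sourcePath, String targetPath) throws Exception;
    }

    // Placeholder action names; real code passes the ActionConstants values.
    static final List<String> ACTIONS = List.of("get", "put", "delete", "authorize");

    // Each (role, action) pair gets exactly one decision: authorize if listed, deny otherwise.
    static void apply(AccessControl acl, String path, Map<String, Set<String>> allowed) throws Exception {
        for (Map.Entry<String, Set<String>> e : allowed.entrySet()) {
            // Fail loudly on a misspelled action instead of silently never granting it.
            Set<String> unknown = new TreeSet<>(e.getValue());
            unknown.removeAll(ACTIONS);
            if (!unknown.isEmpty())
                throw new IllegalArgumentException("unknown actions for " + e.getKey() + ": " + unknown);
            for (String action : ACTIONS) {
                if (e.getValue().contains(action)) acl.authorizeRole(e.getKey(), path, action);
                else acl.denyRole(e.getKey(), path, action);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Recording implementation so the example runs without a registry.
        List<String> calls = new ArrayList<>();
        AccessControl recorder = new AccessControl() {
            public void authorizeRole(String r, String p, String a) { calls.add("authorize " + r + " " + a + " " + p); }
            public void denyRole(String r, String p, String a) { calls.add("deny " + r + " " + a + " " + p); }
            public void copyAuthorizations(String s, String t) { calls.add("copy " + s + " -> " + t); }
        };
        Map<String, Set<String>> policy = new LinkedHashMap<>(); // constructed sample policy
        policy.put("reviewers", Set.of("get"));
        policy.put("publishers", Set.of("get", "put"));
        apply(recorder, "/policies/v1", policy);
        recorder.copyAuthorizations("/policies/v1", "/policies/v2");
        calls.forEach(System.out::println);
    }
}
```

Against a real registry, pass an adapter around `registryRealm.getAccessControlAdmin()` in place of the recorder.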

Special Users and Roles

The registry treats each and every user and role in a similar manner at runtime, except for a few special users and roles. The system user is responsible for the operations done on the registry by the server itself. The admin user is a special user having all privileges for performing registry operations. The everyone role represents any valid user.