Skip to content

WSO2 Identity Server user roles

Roles consist of the permissions that are required by users to access the WSO2 Identity Server resources such as functions available on the WSO2 Identity Server Console, REST APIs, etc.

When you assign a role to a user, you are controlling what the user can do in WSO2 Identity Server.

By default, WSO2 Identity Server has the admin user role. This role includes all administrative permissions in the organization. An organization can have many users with the admin role. An admin is a privileged user who has overall access to the organization.

The following list contains the permissions enabled for an admin:

User management

  • View users
  • Onboard users
  • Update user profiles
  • Delete users
  • Terminate sessions
  • View groups
  • Create groups
  • Update and delete groups
  • View assigned users to groups
  • Assign users to groups
  • View roles
  • Create roles
  • Update and delete roles
  • Assign users to roles
  • Assign groups to roles

Application management

  • View apps and app settings
  • Register apps
  • Update and delete apps
  • Update Sign-in methods
  • Update protocol settings

Connections management

  • View connections and connection settings
  • Create new connection
  • Update and delete connections

Organization management

  • Create new organizations
  • View all the organizations created
  • As the organization creator, update and delete organizations that you created
  • Switch to the organizations that you created
  • Share applications from the organization (root) to its organizations

Managing attributes and scopes

  • View attributes
  • Create new attributes
  • Update and delete attributes
  • View scopes
  • Add new attributes to scopes
  • Update and delete scopes

Managing organization settings

  • View account recovery scenario and settings
  • Configure account recovery scenarios
  • View self registration related settings
  • Configure self registration for users
  • View account security related settings and configurations
  • Configure account security related settings