Manage Users and Roles¶
The WSO2 Micro Integrator has limited role support without fine-grained permission tree support as in the Enterprise Integrator. In Micro Integrator, we have one admin role and all the other roles from primary and secondary user stores are considered non-admin roles.
See the topics given below to understand user management in the Micro Integrator.
User credentials in the MI¶
WSO2 Micro Integrator requires user credentials for authentication and authorization purposes:
-
Authentication for internal APIs
Users accessing the management API and related tools (Micro Integrator ICP/Micro Integrator CLI) for administration tasks should be authenticated.
-
Authentication for integration use cases
Some integration use cases require authentication by dynamic username token and similar WS-Security options. If you already have an external RDBMS or LDAP user store with predefined roles, you can have role-based authentication for your WS-Security user cases.
User authentication is also required for securing REST API artifacts.
-
Authorization for internal APIs
Certain resources of the management API are protected by authorization. Therefore, users should be granted admin privileges to operate those resources.
Admin users¶
Micro Integrator users with admin privileges can manage other users in an LDAP or RDBMS user store that is connected to the Micro Integrator server. These user management tasks include viewing, adding, and removing users.
Tip
Admin users can basically access any resource (of the Micro Integrator's management API) that has authorization privileges enabled. By default, only the users
resource of the management API allows authorization, which allows an admin to perform user management.
Read more about about authorization in the management API.
If a user with admin privileges does not exist in your user store, the admin credentials will be created when you invoke the Micro Integrator's management API for the first time. That is, when you log in to the Micro Integrator server from the CLI tool/ICP server, or directly invoke the management API, the user credentials you use will get stored in the user store and admin privileges will be assigned.
An existing admin user can log in to the Micro Integrator server from the CLI tool or the ICP server to add new users with admin privileges. An admin user can only be removed by the creator.
Non-admin users¶
Users that do not have admin privileges can access the management API, the CLI, and the ICP server to view and monitor integration artifacts and logs.
Manage users and roles from the CLI¶
You can use the WSO2 MI CLI to view details of users, add new users, and remove users from the user store.
For more information, see Manage Users and see Manage Roles.
Manage users and roles from the Integration Control Plane¶
See the Micro Integrator ICP documentation to set up the ICP server. Be sure to log in to the Micro Integrator server (from the ICP server) with your admin user name and password.
Select Users in the left-hand navigator to view the list of existing users.
Click Add User to create new users. Note that you can assign admin privileges during user creation.
Select Roles in the left-hand navigator to view the list of existing roles.
Click Add Role to create new role.