Managing Users for Admin Portal¶
A user with an admin role is the API management controller who hosts and manages the gateway, responsible for creating users in the system, assigning roles to them, managing databases and security, etc. That user can access WSO2 Admin Portal (https://<APIM_Host>:<APIM_Port>/admin
) and perform the operations of defining workflow tasks and throttling policies, adding gateway labels, etc.
However, there are situations where you need to limit a user to access the Admin Portal only and restrict that user to perform other tasks that require admin permissions. Therefore, the admin role which has all the admin-related permissions cannot be assigned to a user who needs Admin Portal access.
In the latter mentioned situations, you need to create a new role permission mapping for a created role, assign it to a user, and access the Admin Portal using the latter mentioned user's credentials as explained below:
Step 1 - Create a user role¶
-
Sign in to the management console. The admin default credentials are
admin
/admin
.https://<APIM_host>:<API-M_port>/carbon
-
Click Main, and then click Add under Users and Roles.
-
Click Add New Role.
-
Enter the name of the user role which you are going to assign Admin Portal access (e.g.,
adminPortalManager
) and click Next
The permissions page opens.
- Click Finish without selecting any permissions.
Now a new user role adminPortalManager
has been created without any associated permissions.
Step 2 - Create role permissions¶
-
Sign in to Admin Portal. The admin default credentials are
admin
/admin
.https://<API-M_host>:<API-M_port>/admin
-
Navigate to Settings > Role Permissions in the Admin Portal.
-
Click Add role permission.
-
Enter the role name that you created in step 1. Then click Next to proceed.
-
In Select permissions select Custom Permissions and navigate to Permissions → admin. Assign the scopes according to the role of the user.
-
You need to assign the following scopes to any user to login and access a minimum version of Admin Portal. A user with these scopes will get access to manage workflow tasks.
apim:api_workflow_view
apim:api_workflow_approve
apim:admin_settings
apim:tenantInfo
- To allow a user to perform all Admin Portal functions assign the
apim:admin
scope to the associated role.
-
Info
If you are using an Update 2.0 based API-M 4.0.0 distribution, from 4.0.0.91 update level
you can change the minimum scopes to login via updating the minScopesToLogin
configuration in the<API-M_HOME>/repository/deployment/server/jaggeryapps/admin/site/public/conf/settings.js
Step 3 - Create a user to access the Admin Portal¶
-
Sign in to the management console (
https://<APIM_Host>:<APIM_Port>/carbon
) as the admin (default credentials areadmin
/admin
). -
Click Main, and then click Add under Users and Roles.
-
Click Add New user.
-
Provide the username and password and click Next.
-
Select
adminPortalManager
and assign it to the user. Click Finish to complete.
Now a user with custom permissions to access and manage Admin Portal has been created.
Step 4 - Sign in to the Admin Portal¶
Sign in to Admin Portal (https://<API-M_host>:<API-M_port>/admin
) as the user that you created in Step 3, and use Manager
and the new password as the credentials.
Now you will be able to sign in and perform specific operations in the Admin Portal with this user.
Top