- Open $EMM_Home/repository/conf/cartbon.xml and change the value of HideAdminServiceWSDLs to false
- Start the WSO2 EMM
- You can check the ResourceAdminService wsdl file by browsing https://<host>:9443/services/ResourceAdminService?wsdl
- Create a new soap project in the SoapUI using the ResourceAdminService.wsdl
- Send a changeRolePermissions request. Sample Soap request will be looks as follows
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.resource.registry.carbon.wso2.org"> <soapenv:Header/> <soapenv:Body> <ser:changeRolePermissions> <ser:resourcePath>/_system/governance/mobileapps/admin/android/TestApp</ser:resourcePath> <ser:permissionsInput>internal/everyone:ra^true:wa^true:da^true:aa^true|internal/private_admin:ra^true</ser:permissionsInput> </ser:changeRolePermissions> </soapenv:Body> </soapenv:Envelope>
In the request
- resourcePath should be the registry resource that you want to manipulate
- permissionsInput must be in following format
roleName:<permission_id>^true:<permission_id>^true:...:<permission_id>^true|roleName2:<permission_id>^true:<permission_id>^true|roleName3:<permission_id>^true
Permission can be as follows
| Permission | Permission ID |
|---|---|
| Allow Read | ra |
| Deny Read | rd |
| Allow Write | wa |
| Deny Write | wd |
| Allow Delete | da |
| Deny Delete | dd |
| Allow Authorize | aa |
| Deny Authorize | ad |
For example
internal/everyone:ra^true:wa^true:da^true:aa^true|internal/private_admin:ra^true:wd^true:dd^true:ad^true
This will allow read/write/delete/authorize permissions to the internal/everyone role and only read permission to internal/private_admin. Write/Delete/Authorize permissions of the internal/private_admin will be set to deny.
Note that if you don't specifically set all 4 permission, then the missing permission will be reset.
You can create a simple client using the ResourceAdminService wsdl and programmatically manipulate the permission.
No comments:
Post a Comment