Reputation: 174
WSO2 - SaaS Service Provider Permissions in a Multitenant environment
I'm trying to configure the following scenario in WSO2
- Have a SaaS Enabled service provider which specifies certain application permissions (in the carbon.super tenant)
- Have those permissions show up in the Role editor for each tenant (such that each tenant can specify what application permissions are assigned to what role)
This is assuming that the permissions will be part of the info provided when authentication succeeds (such that the permissions can be used in my application).
Is this possible and if so, what am I missing?
Upvotes: 0
Views: 231
Answers (1)
Reputation: 182
This is not possible. When SaaS Enabled the Service provider created from one tenant can be accessed across tenants. But when it comes to role-based permissions each tenant space is isolated. When you create a certain application with permissions for a super tenant it will be stored under the Super Admin Permissions (super tenant level) on the permission tree. When you are logging in as tenant WSO2 IS is using the permissions configured under the Admin Permissions (tenant level). So if you want to see the permissions in the Role editor of each tenant you might need to configure it separately for each tenant.
Please refer to the following documentation for further clarification https://docs.wso2.com/display/IS530/Role-based+Permissions
Upvotes: 1
Related Questions
- Role-based Permissions
- WSO2 Identity Server User and Tenants
- WSO2is decision entitlement for tenants
- WSO2 Identity server - multiple tenants on service provider side
- WSO2 inherit tenant policies
- WSO2 roles & Permission Identity server for OAuth2
- wso2 Identity Server - ACL based on role to manage user access to webapps
- WSO2 IS Multi-tenancy APIs
- WSO2 IS 5.0 SP1 : User/Role management in Multitenancy
- Manage external custom permissions with WSO2 Identity Server?