IAM Solutions FAQ5 — How do we manage permissions in multiple applications?
An application (web, SaaS, or mobile) can have several pages, menus, and functions that should be visible only to a certain group of users. Depending on the user's permissions or roles, the resources they can access will vary.
There are two ways to control application functions in an application:
- Based on permissions — control the visibility of items or actions
- Based on OAuth2.0 scopes — control the visibility of items or actions of an application; also used to secure APIs
Both approaches achieve the same outcome through different mechanisms.
Scope, Role, Permission relationship
A role is a set of permissions, and an OAuth2.0 scope is bound to a role of a user. For example, suppose User A has the manager role and the "write" scope is bound to the manager role. When User A requests a token with the "write" scope, the access token is issued with the "write" scope because User A belongs to the bound role.
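The role, permission and scope relationship described above, as an added example that is not part of the original post and not WSO2 Identity Server's own code or configuration. The role names, permission names, scope bindings and menu items are constructed for the example. It shows both controls reaching the same decision: permission-based visibility of menu items on the application side, and scope narrowing at token issuance followed by a scope check on an API. Scopes are handled as the space-separated `scope` string of RFC 6749, and the API check also rejects an expired token, since a matching scope on its own is not sufficient.

```python
import time
from dataclasses import dataclass

# Constructed sample model of the relationship described on the page:
# a role is a set of permissions, and an OAuth2.0 scope is bound to one or more roles.
# These names and mappings are assumptions for this example, not WSO2 Identity Server configuration.
ROLE_PERMISSIONS = {
    "viewer": {"orders:read"},
    "manager": {"orders:read", "orders:write", "reports:view"},
}
SCOPE_ROLES = {
    "read": {"viewer", "manager"},
    "write": {"manager"},
}
# Application functions whose visibility is gated by a permission (constructed).
MENU_ITEMS = {
    "Orders": "orders:read",
    "Edit order": "orders:write",
    "Reports": "reports:view",
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def user_permissions(user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def visible_menu_items(user):
    """Permission-based control: show only the items the user's permissions allow."""
    perms = user_permissions(user)
    return [item for item, needed in MENU_ITEMS.items() if needed in perms]


def issue_access_token(user, requested_scope, ttl_seconds=3600):
    """Scope-based control at token issuance: the requested 'scope' parameter
    (space-separated, as in RFC 6749) is narrowed to the scopes bound to a role the
    user holds. Unknown scopes, duplicates, and scopes bound only to roles the user
    lacks are dropped, so the token never carries more than the user's roles allow."""
    granted = []
    for scope in requested_scope.split():
        if SCOPE_ROLES.get(scope, set()) & user.roles and scope not in granted:
            granted.append(scope)
    return {
        "sub": user.name,
        "scope": " ".join(granted),
        "exp": int(time.time()) + ttl_seconds,
    }


def api_allows(token, required_scope, now=None):
    """Resource-server check: the token must be unexpired and carry the required scope."""
    now = int(time.time()) if now is None else now
    if token["exp"] <= now:
        return False
    return required_scope in token["scope"].split()


if __name__ == "__main__":
    alice = User("alice", frozenset({"manager"}))
    bob = User("bob", frozenset({"viewer"}))
    print(visible_menu_items(alice))        # all three items
    print(visible_menu_items(bob))          # ['Orders']
    bob_token = issue_access_token(bob, "read write")
    print(bob_token["scope"])               # 'read' only: 'write' is bound to manager
    print(api_allows(bob_token, "write"))   # False
```

Both checks answer the same question ("may this user edit an order?") from the same role assignment: the UI hides "Edit order" from a viewer because the permission is missing, and the API refuses a viewer's token because the "write" scope was never issued to it.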
How to configure Application Permissions?
WSO2 Identity Server provides an API to retrieve all the permissions needed for an application. This is a useful approach when the application cannot store its own static permission list on the application side.
Please follow the steps below to configure permissions for your application.
- In the service…