Permissions to set in order enable acess to XACML PDP

Question

I'm using WSO2 Identity Server version 4.6.0.

I try to find the list of permissions to set to role "Internal/everyone" in order to enable a authenticated user to access the EntitlementService to obtains PDP decision.

I have read during my search that the EntitlementService is considered as "admin" level service but I cannot find which specific permissions set is required. I do not want that third party application use a full admin user to send request to PDP.

Answer 1

Yes.. EntitlementService is an admin service, It means you need to authenticate and authorize to identity server to access it. You need to have "/permission/admin/manage" permission to access to this server. It means you need to create a role by selecting "Admin Permissions -> Manage" in the permission tree. And assign user to created role.