I have configured two users in my WSO2 Identity Server, each one with some roles, to give permission to access an API (MS-Authorization-API) in WSO2 API Manager.
Camila - Internal/everyone and Application/admin-AT-wso2.com_MS-Authorization-Application_PRODUCTION
Joao - Internal/everyone
The users in the role Application/admin-AT-wso2.com_MS-Authorization-Application_PRODUCTION:
The problem is, when I make a request using the token generated by the Joao user, WSO2 API Manager is giving him access to consume the API.
How can I protect my API so that some users do not get access to it?
PS: MS-Authorization-API is accessible and visible in API Store only to admin role.
versions: wso2am-2.6.0 / wso2is-5.8.0
question from:
https://stackoverflow.com/questions/65919873/wso2-request-permission-by-role-not-working