Refactored scopes

components/apimgt-extensions/org.wso2.carbon.apimgt.annotations/src/main/java/org/wso2/carbon/apimgt/annotations/api/Scope.java

@@ -28,18 +28,24 @@ import java.lang.annotation.Target;
  */
 @Target(ElementType.METHOD)
 @Retention(RetentionPolicy.RUNTIME)
-public @interface Permission {
+public @interface Scope {
+
+    /**
+     * Represents the scope key which should be unique.
+     * @return Returns scope key.
+     */
+    String key();
 
     /**
      * Represents the scope name.
      * @return Returns scope name.
      */
-    String scope();
+    String name();
 
     /**
-     * Represents the associated permissions.
+     * Represents the scope description.
-     * @return Returns list of permissions.
+     * @return Returns scope description.
      */
-    String[] roles();
+    String description();
 
 }

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionConfiguration.java

@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.apimgt.webapp.publisher.config;
-
-/**
- * This class represents the information related to permissions.
- */
-public class PermissionConfiguration {
-
-    private String scopeName;
-    private String[] roles;
-
-    public String getScopeName() {
-        return scopeName;
-    }
-
-    public void setScopeName(String scope) {
-        this.scopeName = scope;
-    }
-
-    public String[] getRoles() {
-        return roles;
-    }
-
-    public void setRoles(String[] roles) {
-        this.roles = roles;
-    }
-
-}

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/config/PermissionManagementException.java

@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.wso2.carbon.apimgt.webapp.publisher.config;
-
-/**
- * Custom exception class of Permission related operations.
- */
-public class PermissionManagementException extends Exception {
-
-    private static final long serialVersionUID = -3151279311929070298L;
-
-    private String errorMessage;
-
-    public String getErrorMessage() {
-        return errorMessage;
-    }
-
-    public void setErrorMessage(String errorMessage) {
-        this.errorMessage = errorMessage;
-    }
-
-    public PermissionManagementException(String msg, Exception nestedEx) {
-        super(msg, nestedEx);
-        setErrorMessage(msg);
-    }
-
-    public PermissionManagementException(String message, Throwable cause) {
-        super(message, cause);
-        setErrorMessage(message);
-    }
-
-    public PermissionManagementException(String msg) {
-        super(msg);
-        setErrorMessage(msg);
-    }
-
-    public PermissionManagementException() {
-        super();
-    }
-
-    public PermissionManagementException(Throwable cause) {
-        super(cause);
-    }
-
-}

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java

@@ -23,13 +23,9 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
-import org.wso2.carbon.apimgt.api.model.Scope;
 import org.wso2.carbon.apimgt.webapp.publisher.APIPublisherUtil;
 import org.wso2.carbon.apimgt.webapp.publisher.config.APIResource;
 import org.wso2.carbon.apimgt.webapp.publisher.config.APIResourceConfiguration;
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionConfiguration;
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
 
 import javax.servlet.ServletContext;
 import javax.ws.rs.*;
@@ -242,15 +238,9 @@ public class AnnotationProcessor {
                         Annotation producesAnno = method.getAnnotation(producesClass);
                         resource.setProduces(invokeMethod(producesClassMethods[0], producesAnno, STRING_ARR));
                     }
-                    if (annotations[i].annotationType().getName().equals(Permission.class.getName())) {
+                    if (annotations[i].annotationType().getName().equals(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName())) {
-                        PermissionConfiguration permissionConf = this.getPermission(method);
+                        org.wso2.carbon.apimgt.api.model.Scope scope = this.getScope(method);
-                        if (permissionConf != null) {
+                        if (scope != null) {
-                            Scope scope = new Scope();
-                            scope.setKey(permissionConf.getScopeName());
-                            scope.setDescription(permissionConf.getScopeName());
-                            scope.setName(permissionConf.getScopeName());
-                            String roles = StringUtils.join(permissionConf.getRoles(), ",");
-                            scope.setRoles(roles);
                             resource.setScope(scope);
                         }
                     }
@@ -348,35 +338,32 @@ public class AnnotationProcessor {
         return ((String[]) methodHandler.invoke(annotation, method, null));
     }
 
-    private PermissionConfiguration getPermission(Method currentMethod) throws Throwable {
+    private org.wso2.carbon.apimgt.api.model.Scope getScope(Method currentMethod) throws Throwable {
-        Class<Permission> permissionClass = (Class<Permission>) classLoader.loadClass(Permission.class.getName());
+        Class<org.wso2.carbon.apimgt.annotations.api.Scope> scopeClass =
-        Annotation permissionAnnotation = currentMethod.getAnnotation(permissionClass);
+                (Class<org.wso2.carbon.apimgt.annotations.api.Scope>) classLoader.
-        if (permissionClass != null) {
+                        loadClass(org.wso2.carbon.apimgt.annotations.api.Scope.class.getName());
-            Method[] permissionClassMethods = permissionClass.getMethods();
+        Annotation permissionAnnotation = currentMethod.getAnnotation(scopeClass);
-            PermissionConfiguration permissionConf = new PermissionConfiguration();
+        if (scopeClass != null) {
+            Method[] permissionClassMethods = scopeClass.getMethods();
+            org.wso2.carbon.apimgt.api.model.Scope scope = new org.wso2.carbon.apimgt.api.model.Scope();
             for (Method method : permissionClassMethods) {
                 switch (method.getName()) {
-                    case "scope":
+                    case "key":
-                        permissionConf.setScopeName(invokeMethod(method, permissionAnnotation, STRING));
+                        scope.setKey(invokeMethod(method, permissionAnnotation, STRING));
                         break;
-                    case "roles":
+                    case "name":
-                        String roles[] = invokeMethod(method, permissionAnnotation);
+                        scope.setName(invokeMethod(method, permissionAnnotation, STRING));
-                        this.addPermission(roles);
+                        break;
-                        permissionConf.setRoles(roles);
+                    case "description":
+                        scope.setDescription(invokeMethod(method, permissionAnnotation, STRING));
                         break;
                 }
             }
-            return permissionConf;
+            return scope;
         }
         return null;
     }
 
-    private void addPermission(String[] permissions) throws PermissionManagementException {
-        for (String permission : permissions) {
-            PermissionUtils.addPermission(permission);
-        }
-    }
-
     /**
      * Find the URL pointing to "/WEB-INF/classes"  This method may not work in conjunction with IteratorFactory
      * if your servlet container does not extract the /WEB-INF/classes into a real file-based directory

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/PermissionUtils.java

@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * you may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.apimgt.webapp.publisher.lifecycle.util;
-
-import org.wso2.carbon.apimgt.webapp.publisher.config.PermissionManagementException;
-import org.wso2.carbon.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
-import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.registry.api.RegistryException;
-import org.wso2.carbon.registry.api.Resource;
-import org.wso2.carbon.registry.core.Registry;
-
-import java.util.StringTokenizer;
-
-/**
- * Utility class which holds necessary utility methods required for persisting permissions in
- * registry.
- */
-public class PermissionUtils {
-
-    public static final String ADMIN_PERMISSION_REGISTRY_PATH = "/permission/admin";
-    public static final String PERMISSION_PROPERTY_NAME = "name";
-
-    public static Registry getGovernanceRegistry() throws PermissionManagementException {
-        try {
-            int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
-            return APIPublisherDataHolder.getInstance().getRegistryService()
-                    .getGovernanceSystemRegistry(
-                            tenantId);
-        } catch (RegistryException e) {
-            throw new PermissionManagementException(
-                    "Error in retrieving governance registry instance: " +
-                            e.getMessage(), e);
-        }
-    }
-
-    public static void addPermission(String permission) throws PermissionManagementException {
-        String resourcePermission = getAbsolutePermissionPath(permission);
-        try {
-            StringTokenizer tokenizer = new StringTokenizer(resourcePermission, "/");
-            String lastToken = "", currentToken, tempPath;
-            while (tokenizer.hasMoreTokens()) {
-                currentToken = tokenizer.nextToken();
-                tempPath = lastToken + "/" + currentToken;
-                if (!checkResourceExists(tempPath)) {
-                    createRegistryCollection(tempPath, currentToken);
-                }
-                lastToken = tempPath;
-            }
-        } catch (RegistryException e) {
-            throw new PermissionManagementException("Error occurred while persisting permission : " +
-                    resourcePermission, e);
-        }
-    }
-
-    public static void createRegistryCollection(String path, String resourceName)
-            throws PermissionManagementException,
-            RegistryException {
-        Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
-        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
-        PermissionUtils.getGovernanceRegistry().beginTransaction();
-        PermissionUtils.getGovernanceRegistry().put(path, resource);
-        PermissionUtils.getGovernanceRegistry().commitTransaction();
-    }
-
-    public static boolean checkResourceExists(String path)
-            throws PermissionManagementException,
-            org.wso2.carbon.registry.core.exceptions.RegistryException {
-        return PermissionUtils.getGovernanceRegistry().resourceExists(path);
-    }
-
-    private static String getAbsolutePermissionPath(String permissionPath) {
-        return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
-    }
-
-}

components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/java/org/wso2/carbon/certificate/mgt/jaxrs/api/CertificateMgtService.java

@@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.certificate.mgt.jaxrs.beans.ErrorResponse;
 
 import javax.ws.rs.*;
@@ -46,7 +46,7 @@ public interface CertificateMgtService {
                             message = "Internal Server Error. \n Error occurred while retrieving signed certificate.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "sign-csr", roles = {"emm-admin"})
+    @Scope(key = "certificate:sign-csr", name = "Sign CSR", description = "")
     Response getSignedCertFromCSR(
             @ApiParam(
                     name = "If-Modified-Since",

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java

@@ -2,7 +2,7 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
 import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
 import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
@@ -77,7 +77,7 @@ public interface CertificateManagementAdminService {
                             message = "Internal Server Error. \n Server error occurred while adding certificates.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "certificate:add", roles = {"admin"})
+    @Scope(key = "certificate:write", name = "Add certificates", description = "")
     Response addCertificate(
             @ApiParam(
                     name = "enrollmentCertificates",
@@ -135,7 +135,7 @@ public interface CertificateManagementAdminService {
                             "Server error occurred while retrieving information requested certificate.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "certificate:view", roles = {"admin"})
+    @Scope(key = "certificate:read", name = "View certificates", description = "")
     Response getCertificate(
             @ApiParam(name = "serialNumber",
                     value = "Provide the serial number of the certificate that you wish to get the details of",
@@ -207,7 +207,7 @@ public interface CertificateManagementAdminService {
                             "Server error occurred while retrieving all certificates enrolled in the system.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "certificate:view", roles = {"admin"})
+    @Scope(key = "certificate:read", name = "View certificates", description = "")
     Response getAllCertificates(
             @ApiParam(
                     name = "offset",
@@ -250,7 +250,7 @@ public interface CertificateManagementAdminService {
                     message = "Internal Server Error. \n " +
                             "Server error occurred while removing the certificate.",
                     response = ErrorResponse.class)})
-    @Permission(scope = "certificate:modify", roles = {"admin"})
+    @Scope(key = "certificate:write", name = "Add certificates", description = "")
     Response removeCertificate(
             @ApiParam(
                     name = "serialNumber",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ActivityList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -91,7 +91,7 @@ public interface ActivityInfoProviderService {
                     message = "Internal Server Error. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "activity:view", roles = {"admin"})
+    @Scope(key = "activity:read", name = "View Activities", description = "")
     Response getActivity(
             @ApiParam(
                     name = "id",
@@ -150,7 +150,7 @@ public interface ActivityInfoProviderService {
                     message = "Internal Server Error. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "activity:view", roles = {"admin"})
+    @Scope(key = "activity:read", name = "View Activities", description = "")
     Response getActivities(
             @ApiParam(
                     name = "since",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.PlatformConfiguration;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 
@@ -81,7 +81,7 @@ public interface ConfigurationManagementService {
                             "platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "configuration:view", roles = {"admin"})
+    @Scope(key = "configuration:read", name = "View Configurations", description = "")
     Response getConfiguration(
             @ApiParam(
                     name = "If-Modified-Since",
@@ -127,7 +127,7 @@ public interface ConfigurationManagementService {
                             "Server error occurred while modifying general platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "configuration:modify", roles = {"admin"})
+    @Scope(key = "configuration:modify", name = "Modify Configurations", description = "")
     Response updateConfiguration(
             @ApiParam(
                     name = "configuration",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.common.Feature;
 import org.wso2.carbon.device.mgt.common.app.mgt.Application;
@@ -91,7 +91,7 @@ public interface DeviceManagementService {
                     message = "Internal Server Error. \n Server error occurred while fetching the device list.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "device:list", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getDevices(
             @ApiParam(
                     name = "name",
@@ -200,7 +200,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving information requested device.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getDevice(
             @ApiParam(
                     name = "type",
@@ -280,7 +280,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving feature list of the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getFeaturesOfDevice(
             @ApiParam(
                     name = "type",
@@ -354,7 +354,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while enrolling the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "device:search", roles = {"admin" })
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response searchDevices(
             @ApiParam(
                     name = "offset",
@@ -433,7 +433,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving installed application list of the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getInstalledApplications(
             @ApiParam(
                     name = "type",
@@ -527,7 +527,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving operation list scheduled for the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getDeviceOperations(
             @ApiParam(
                     name = "type",
@@ -623,7 +623,7 @@ public interface DeviceManagementService {
                             response = ErrorResponse.class)
             }
     )
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getEffectivePolicyOfDevice(
             @ApiParam(
                     name = "type",
@@ -674,6 +674,7 @@ public interface DeviceManagementService {
                             response = ErrorResponse.class)
             }
     )
+    @Scope(key = "device:read", name = "View Devices", description = "")
     Response getComplianceDataOfDevice(
             @ApiParam(
                     name = "type",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java

@@ -18,7 +18,7 @@
  */
 package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroup;
 

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/NotificationManagementService.java

@@ -20,10 +20,8 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
-import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
 import org.wso2.carbon.device.mgt.common.notification.mgt.Notification;
-import org.wso2.carbon.device.mgt.jaxrs.NotificationContext;
 import org.wso2.carbon.device.mgt.jaxrs.NotificationList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 
@@ -90,7 +88,7 @@ public interface NotificationManagementService {
                                     "\n Server error occurred while fetching the notification list.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "notification:view", roles = {"admin"})
+    @Scope(key = "notification:read", name = "View and manage notifications", description = "")
     Response getNotifications(
             @ApiParam(
                     name = "status",
@@ -142,7 +140,7 @@ public interface NotificationManagementService {
                             message = "Error occurred while updating notification status.")
             }
     )
-    @Permission(scope = "notification:view", roles = {"admin"})
+    @Scope(key = "notification:read", name = "View and manage notifications", description = "")
     Response updateNotificationStatus(
             @ApiParam(
                     name = "id",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/PolicyManagementService.java

@@ -20,11 +20,11 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
-import org.wso2.carbon.policy.mgt.common.Policy;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
+import org.wso2.carbon.policy.mgt.common.Policy;
 
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
@@ -99,7 +99,7 @@ public interface PolicyManagementService {
                                     "Server error occurred while adding a new policy.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:add", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response addPolicy(
             @ApiParam(
                     name = "policy",
@@ -153,7 +153,7 @@ public interface PolicyManagementService {
                                     "policies."),
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:list", roles = {"admin"})
+    @Scope(key = "policy:read", name = "Views policies", description = "")
     Response getPolicies(
             @ApiParam(
                     name = "If-Modified-Since",
@@ -219,7 +219,7 @@ public interface PolicyManagementService {
                                     "policy.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:view", roles = {"admin"})
+    @Scope(key = "policy:read", name = "View policies", description = "")
     Response getPolicy(
             @ApiParam(
                     name = "id",
@@ -283,7 +283,7 @@ public interface PolicyManagementService {
                                     "Server error occurred while updating the policy.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:modify", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response updatePolicy(
             @ApiParam(
                     name = "id",
@@ -329,7 +329,7 @@ public interface PolicyManagementService {
                                     "Server error occurred while bulk removing policies.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:modify", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response removePolicies(
             @ApiParam(
                     name = "policyIds",
@@ -365,7 +365,7 @@ public interface PolicyManagementService {
                             message = "ErrorResponse in activating policies.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "policy:add", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response activatePolicies(
             @ApiParam(
                     name = "policyIds",
@@ -401,7 +401,7 @@ public interface PolicyManagementService {
                     message = "ErrorResponse in deactivating policies.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "policy:add", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response deactivatePolicies(
             @ApiParam(
                     name = "policyIds",
@@ -434,7 +434,7 @@ public interface PolicyManagementService {
                     message = "ErrorResponse in deactivating policies.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "policy:add", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response applyChanges();
 
 
@@ -463,7 +463,7 @@ public interface PolicyManagementService {
                     message = "Exception in updating policy priorities.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "policy:add", roles = {"admin"})
+    @Scope(key = "policy:write", name = "Add policies", description = "")
     Response updatePolicyPriorities(
             @ApiParam(
                     name = "priorityUpdatedPolicies",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/RoleManagementService.java

@@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
@@ -77,7 +76,7 @@ public interface RoleManagementService {
                             message = "Internal Server Error. \n Server error occurred while fetching requested list of roles.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "role:list", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
     Response getRoles(
             @ApiParam(
                     name = "filter",
@@ -159,7 +158,7 @@ public interface RoleManagementService {
                             message = "Internal Server ErrorResponse. \n Server error occurred while fetching the permission list of the requested role.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "role:scope:read", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
     Response getScopes(
             @ApiParam(
                     name = "If-Modified-Since",
@@ -209,7 +208,7 @@ public interface RoleManagementService {
                     message = "Internal Server Error. \n Server error occurred while updating the scopes.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "role:scope:write", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
     Response updateScopes(
             @ApiParam(
                     name = "Scopes",
@@ -266,7 +265,7 @@ public interface RoleManagementService {
                                     "requested role.",
                             response = ErrorResponse.class)
     })
-    @Permission(scope = "role:view", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:read", name = "View roles", description = "")
     Response getRole(
             @ApiParam(
                     name = "roleName",
@@ -326,7 +325,7 @@ public interface RoleManagementService {
                     message = "Internal Server Error. \n Server error occurred while adding a new role.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "role:add", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
     Response addRole(
             @ApiParam(
                     name = "role",
@@ -376,7 +375,7 @@ public interface RoleManagementService {
                     message = "Internal Server Error. \n Server error occurred while updating the role.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "role:modify", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
     Response updateRole(
             @ApiParam(
                     name = "roleName",
@@ -413,7 +412,7 @@ public interface RoleManagementService {
                     message = "Internal Server Error. \n Server error occurred while removing the role.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "role:modify", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
     Response deleteRole(
             @ApiParam(
                     name = "roleName",
@@ -475,7 +474,7 @@ public interface RoleManagementService {
                                     "Server error occurred while updating the user list of the role.",
                             response = ErrorResponse.class)
     })
-    @Permission(scope = "role:add", roles = {"admin"})
+    @org.wso2.carbon.apimgt.annotations.api.Scope(key = "role:add", name = "Add roles", description = "")
     Response updateUsersOfRole(
             @ApiParam(
                     name = "roleName",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.beans.*;
 
 import javax.ws.rs.*;
@@ -83,7 +83,7 @@ public interface UserManagementService {
                             message = "Internal Server Error. \n Server error occurred while adding a new user.",
                             response = ErrorResponse.class)
             })
-    @Permission(scope = "user:add", roles = {"admin"})
+    @Scope(key = "user:write", name = "Add users", description = "")
     Response addUser(
             @ApiParam(
                     name = "user",
@@ -135,7 +135,7 @@ public interface UserManagementService {
                             " fetching the requested user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:view", roles = {"admin"})
+    @Scope(key = "user:read", name = "View users", description = "")
     Response getUser(
             @ApiParam(
                     name = "username",
@@ -192,7 +192,7 @@ public interface UserManagementService {
                             "Server error occurred while updating the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:modify", roles = {"admin"})
+    @Scope(key = "user:write", name = "Add users", description = "")
     Response updateUser(
             @ApiParam(
                     name = "username",
@@ -227,7 +227,7 @@ public interface UserManagementService {
                     response = ErrorResponse.class
             )
     })
-    @Permission(scope = "user:modify", roles = {"admin"})
+    @Scope(key = "user:write", name = "Add users", description = "")
     Response removeUser(
             @ApiParam(name = "username", value = "Username of the user to be deleted.", required = true)
             @PathParam("username") String username);
@@ -276,7 +276,7 @@ public interface UserManagementService {
                             " assigned to the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:view", roles = {"admin"})
+    @Scope(key = "user:read", name = "View users", description = "")
     Response getRolesOfUser(
             @ApiParam(name = "username", value = "Username of the user.", required = true)
             @PathParam("username") String username);
@@ -319,7 +319,7 @@ public interface UserManagementService {
                     message = "Internal Server Error. \n Server error occurred while fetching the user list.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:list", roles = {"admin"})
+    @Scope(key = "user:read", name = "View users", description = "")
     Response getUsers(
             @ApiParam(
                     name = "filter",
@@ -386,7 +386,7 @@ public interface UserManagementService {
                             "list that matches the given filter.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:view", roles = {"admin"})
+    @Scope(key = "user:read", name = "View users", description = "")
     Response getUserNames(
             @ApiParam(
                     name = "filter",
@@ -440,7 +440,7 @@ public interface UserManagementService {
                             "Server error occurred while updating credentials of the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:modify", roles = {"admin"})
+    @Scope(key = "user:read", name = "View users", description = "")
     Response resetPassword(
             @ApiParam(
                     name = "username",
@@ -483,7 +483,7 @@ public interface UserManagementService {
                             "Server error occurred while updating credentials of the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:invite", roles = {"admin"})
+    @Scope(key = "user:write", name = "Add users", description = "")
     Response inviteExistingUsersToEnrollDevice(
             @ApiParam(
                     name = "users",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/ApplicationManagementAdminService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.operation.mgt.Activity;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ApplicationWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
@@ -74,7 +74,7 @@ public interface ApplicationManagementAdminService {
                             "a given set of devices.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "application:install", roles = {"admin"})
+    @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
     Response installApplication(
             @ApiParam(
                     name = "applicationWrapper",
@@ -113,7 +113,7 @@ public interface ApplicationManagementAdminService {
                             "a given set of devices.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "application:uninstall", roles = {"admin"})
+    @Scope(key = "application:manage", name = "Install/Uninstall applications", description = "")
     Response uninstallApplication(
             @ApiParam(
                     name = "applicationWrapper",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.common.Device;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 
@@ -84,7 +84,7 @@ public interface DeviceManagementAdminService {
                     message = "Internal Server Error. \n Server error occurred while fetching the device list.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "device:view", roles = {"admin"})
+    @Scope(key = "device:admin:read", name = "View Devices", description = "")
     Response getDevicesByName(
             @ApiParam(
                     name = "name",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceTypeManagementService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.beans.DeviceTypeList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 
@@ -78,7 +78,7 @@ public interface DeviceTypeManagementService {
                             response = ErrorResponse.class)
             }
     )
-    @Permission(scope = "device-types:read", roles = {"admin"})
+    @Scope(key = "device-type:admin:read", name = "View device types", description = "")
     Response getDeviceTypes(
             @ApiParam(
                     name = "If-Modified-Since",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/GroupManagementAdminService.java

@@ -19,7 +19,7 @@
 package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
 
 import io.swagger.annotations.*;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.policy.mgt.common.DeviceGroupWrapper;
 
 import javax.ws.rs.*;

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
 
 import io.swagger.annotations.*;
 import org.wso2.carbon.apimgt.annotations.api.API;
-import org.wso2.carbon.apimgt.annotations.api.Permission;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
 
@@ -67,7 +67,7 @@ public interface UserManagementAdminService {
                             "Server error occurred while updating credentials of the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(scope = "user:modify", roles = {"admin"})
+    @Scope(key = "user:admin:reset-password", name = "View users", description = "")
     Response resetUserPassword(
             @ApiParam(
                     name = "username",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/util/RequestValidationUtil.java

@@ -314,6 +314,14 @@ public class RequestValidationUtil {
         }
     }
 
+    public static void validateScopes(List<Scope> scopes) {
+        if (scopes == null || scopes.isEmpty()) {
+            throw new InputValidationException(
+                    new ErrorResponse.ErrorResponseBuilder().setCode(400l).setMessage("Scope details of the request body" +
+                            " is incorrect or empty").build());
+        }
+    }
+
     public static void validatePaginationParameters(int offset, int limit) {
         if (offset < 0) {
             throw new InputValidationException(