WSO2 Changelog
- 20 Aug, 2025
Selective role sharing for sub organizations
Asgardeo now provides full control over which roles are shared when delegating applications to sub organizations.Previously, application sharing automatically granted all associated application roles to sub organizations, which could lead to over-permissive access.
With this update, admins can fine-tune role visibility using one of three sharing modes:
- Share all roles with all organizations – Previous "everything shared" model.
- Share a common set of roles with all organizations – Pick a single set of roles that will be shared everywhere.
- Share different roles with each organization – Customize role sharing per sub-org for maximum flexibility.
The new experience is available for both console and general applications, with tailored UI in the "Shared Access" settings. Role selection is fully integrated into the sharing workflow, allowing admins to see at a glance which roles are shared where and adjust them instantly, while preserving the organizational hierarchy. This empowers tenant admins, B2B customers, and security teams to enforce least-privilege access, improve governance, and prevent unintended role propagation across complex organizational structures