For all the existing users in the users.properties file, you can modify the user roles and privileges using the appropriate security configuration file, appSecurity-XXXX.xml, in the WEB-INF folder of the REST Management Agent or the REST Web application in your web server directory. Irrespective of which security configuration model you chose, you perform a similar set of edits.
For example, the following assigns privileges to ROLE_PSCAdmin and ROLE_PSCOper in the appSecurity-form-local.xml file:
<?xml version="1.0" encoding="UTF-8"?>
.
.
.
<!-- Get Manager status -->
<intercept-url pattern="/status" method="GET"
access="hasAnyRole('ROLE_PSCAdmin','ROLE_PSCOper')"/>
.
.
.
Add the user role, ROLE_PSCNewUser, with privileges of performing GET operation on /status:
<?xml version="1.0" encoding="UTF-8"?>
.
.
.
<!-- Get Manager status -->
<intercept-url pattern="/status" method="GET"
access="hasAnyRole('ROLE_PSCAdmin','ROLE_PSCOper','ROLE_PSCNewUser')"/>
.
.
.