I know that I can use WSO2 Entitlement mediator plus XACML to impose such an access control:
- admin_user can invoke UpdateQuote and GetQuote
- normal_user can only invoke GetQuote
What I need to know is a proper way to find out about access levels before invoking the services. Consider that I have designed a user interface and I want to hide or disable the "Update Quote" button for a normal user.
Thanks
I think you are trying to provide access control for a web application or some user interface. Basically, as the end user travels through the UI pages, the user must see only the authorized items. This can be done using Identity Server. There are several options that you have. You can use the Multiple Decision Profile in XACML, or else you can use the XACML search that is provided by Identity Server. Please refer to this article. It explains all these possibilities and provides samples to implement it in all possible ways. Hope this is helpful.