There are several ways that you can add custom permissions to the WSO2 Identity Server. These methods are given in this answer.
There is a XACML function as urn:oasis:names:tc:xacml:1.0:function:eval-permission-tree defined in the WSO2 Identity Server. This can be used to validate the permissions of a user. This function requires two inputs.
1. required permission string (ex: /permission/admin/login)
2. subject or the user whose permissions are validated
In the WSO2 Identity Server, there is a sample XACML policy on using this function. If you login to the management console of the Identity Server, the sample is with the name evaluate_permission_tree_policy at Main > Entitlement > PAP > Policy Administration
You can get the permission string by referring to the registry of the Identity Server via Main > Registry > Browse
I assume that you want to validate the permissions of a given role from the XACML policy. As per the current implementation, the function eval-permission-tree only checks whether the given user is authorized. [1] To achieve your requirement, you can write your own XACML function extending the EvalPermissionTreeFunction class. This blog[2] describes how you can write a custom XACML function and plug it into WSO2 IS.
[2] https://pamodaaw.medium.com/custom-xacml-functions-for-wso2-identity-server-5-10-0-a91bc2ec673d
thanks for the reply!!, but if I want to search the permission based on the role how can achieve if I have permission called company_operation under that create,update,view is there which is assigned to a multiple roles like for createuser,createpolicy etc,. In that case how can I query like user role which is having permission create/view/update etc,.