Adding Role Action Mapping

The primary job of the Access Control Service (ACS) is to authorise end users based on their roles and to grant access to DIGIT platform resources. Access control works on the following concepts:

Actions: Actions are events performed by a user. An action can be an API endpoint or a frontend event. Actions are defined in an MDMS master.

Roles: Roles are assigned to users; a user can hold multiple roles. Roles are defined in MDMS masters.

Role-Action: Role-actions are mappings between actions and roles. Based on the role-action mapping, the access control service identifies the actions applicable to a role.

 

So, for any new service that exposes APIs, we need to provide a role-action mapping for the user roles that may consume those APIs on the server. The configuration for the role-action mapping is defined as follows:

  1. Define the roles:

    { "code": "EMPLOYEE", "name": "Employee", "description": "Default role for all employees" }

     

  2. Add the actions (URL):

    { "id": {{ACTION_ID}}, "name": "Create TradeLicense", "url": "/tl-services/v1/_create", "parentModule": "", "displayName": "Create TradeLicense", "orderNumber": 0, "enabled": false, "serviceCode": "tl-services", "code": "null", "path": "" }

     

  3. Add the role action mapping:

    { "rolecode": "EMPLOYEE", "actionid": {{ACTION_ID}}, "actioncode": "", "tenantId": "pb" }
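
The three masters above only grant access when they agree with each other, so it is worth linting them before they are deployed. The following is an added example, not ACS code or part of the DIGIT platform: it checks that every mapping points at a defined role and action, and resolves access with a deny-by-default lookup. The action id 2001, the role TL_APPROVER, the function names and the exact-match tenant comparison are assumptions made for illustration.

```python
# Constructed sample masters in the shape shown above; id 2001 stands in for {{ACTION_ID}}.
ROLES = [{"code": "EMPLOYEE", "name": "Employee", "description": "Default role for all employees"}]
ACTIONS = [{"id": 2001, "name": "Create TradeLicense",
            "url": "/tl-services/v1/_create", "serviceCode": "tl-services"}]
ROLE_ACTIONS = [
    {"rolecode": "EMPLOYEE", "actionid": 2001, "actioncode": "", "tenantId": "pb"},
    {"rolecode": "TL_APPROVER", "actionid": 2001, "actioncode": "", "tenantId": "pb"},  # role never defined
    {"rolecode": "EMPLOYEE", "actionid": 9999, "actioncode": "", "tenantId": "pb"},     # action never defined
]


def lint_mappings(roles, actions, role_actions):
    """Return a list of problems: dangling role codes, dangling action ids, duplicates."""
    role_codes = {r["code"] for r in roles}
    action_ids = {a["id"] for a in actions}
    problems, seen = [], set()
    for i, m in enumerate(role_actions):
        if m["rolecode"] not in role_codes:
            problems.append(f"mapping {i}: unknown role {m['rolecode']!r}")
        if m["actionid"] not in action_ids:
            problems.append(f"mapping {i}: unknown action id {m['actionid']}")
        key = (m["rolecode"], m["actionid"], m["tenantId"])
        if key in seen:
            problems.append(f"mapping {i}: duplicate of an earlier mapping")
        seen.add(key)
    return problems


def is_allowed(user_roles, url, tenant_id, roles, actions, role_actions):
    """Deny by default: allow only if a fully resolvable mapping links a held role to the URL."""
    role_codes = {r["code"] for r in roles}
    ids_for_url = {a["id"] for a in actions if a["url"] == url}
    return any(
        m["tenantId"] == tenant_id          # assumption: exact tenant match
        and m["rolecode"] in role_codes     # ignore mappings for undefined roles
        and m["rolecode"] in user_roles
        and m["actionid"] in ids_for_url
        for m in role_actions
    )


if __name__ == "__main__":
    for problem in lint_mappings(ROLES, ACTIONS, ROLE_ACTIONS):
        print(problem)
    print(is_allowed({"EMPLOYEE"}, "/tl-services/v1/_create", "pb", ROLES, ACTIONS, ROLE_ACTIONS))
```

Running the lint in the pipeline that publishes the MDMS data catches a mapping that references a mistyped role code or a stale action id before it silently grants nothing, or grants more than intended once the missing entry is later added.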