Property Management
Property Permissions Configuration
Global properties are used to manage Eclipse configurations across tenants. Access to viewing and editing global properties is restricted however there are certain scenarios insitution or other roles need access to a specific property. A common use case is where INSTITUTION_ADMIN users needs access to global properties that are specific to the tenants they are accountable for.
Access to properties is controlled by the permissionsConfig attribute on the properties entity. This is a text field that defines the roles and positions that can READ, UPDATE or DELETE a property.
UPDATE=GLOBAL_ADMIN,GLOBAL_SUPPORT_L3,TENANT_SYSTEM,INSTITUTION_FINANCE_L3_DTB
READ=GLOBAL_ADMIN,GLOBAL_SUPPORT_L3,TENANT_SYSTEM,INSTITUTION_FINANCE_L3_DTB,CUSTOMER
DELETE=GLOBAL_ADMIN
Note for institution roles the institution name must be included so the config will be specific to that institution.
INSTITUTION_FINANCE_L3_DTB
Typical use cases would be:
- For certain properties INSTITUTION_ADMIN needs READ, UPDATE and DELETE access to the property - the permissionsConfig for that property should be:
UPDATE=INSTITUTION_ADMIN_DTB
READ=INSTITUTION_ADMIN_DTB
DELETE=INSTITUTION_ADMIN_DTB
- Certain properties need to be publicly available and any API calls without a JWT (i.e. anonymous user) should have READ access to the property - the permissionsConfig for that property should be:
READ=ANONYMOUS
- For certain properties, users with the CUSTOMER role should have READ access to the property - the permissionsConfig for that property should be:
READ=CUSTOMER
- For certain properties only TENANT_SYSTEM users should have READ access to the property - the permissionsConfig for that property should be:
READ=TENANT_SYSTEM
Note
The permissionsConfig for properties can be viewed and set in the Eclipse Admin Portal but an Ukheshe global administrator needs to first grant access as by default all properties are restricted.
Updated 5 months ago