Property Management

Property Permissions Configuration

Global properties are used to manage Eclipse configurations across tenants. Access to viewing and editing global properties is restricted however there are certain scenarios insitution or other roles need access to a specific property. A common use case is where INSTITUTION_ADMIN users needs access to global properties that are specific to the tenants they are accountable for.

Access to properties is controlled by the permissionsConfig attribute on the properties entity. This is a text field that defines the roles and positions that can READ, UPDATE or DELETE a property.

UPDATE=GLOBAL_ADMIN,GLOBAL_SUPPORT_L3,TENANT_SYSTEM,INSTITUTION_FINANCE_L3_DTB
READ=GLOBAL_ADMIN,GLOBAL_SUPPORT_L3,TENANT_SYSTEM,INSTITUTION_FINANCE_L3_DTB,CUSTOMER
DELETE=GLOBAL_ADMIN

Note for institution roles the institution name must be included so the config will be specific to that institution.
INSTITUTION_FINANCE_L3_DTB

Typical use cases would be:

1. For certain properties INSTITUTION_ADMIN needs READ, UPDATE and DELETE access to the property - the permissionsConfig for that property should be:

UPDATE=INSTITUTION_ADMIN_DTB
READ=INSTITUTION_ADMIN_DTB 
DELETE=INSTITUTION_ADMIN_DTB

2. Certain properties need to be publicly available and any API calls without a JWT (i.e. anonymous user) should have READ access to the property - the permissionsConfig for that property should be:

READ=ANONYMOUS

3. For certain properties, users with the CUSTOMER role should have READ access to the property - the permissionsConfig for that property should be:

READ=CUSTOMER

4. For certain properties only TENANT_SYSTEM users should have READ access to the property - the permissionsConfig for that property should be:

READ=TENANT_SYSTEM

📘

Note

The permissionsConfig for properties can be viewed and set in the Eclipse Admin Portal but an Ukheshe global administrator needs to first grant access as by default all properties are restricted.