Mapping Roles With APIs
Overview
Roles define the permissions of a user to perform a group of tasks. The tasks are created as API calls to do certain actions when a request for those calls is sent by the system. For example, the key tasks for a Trade License application include initiate/apply, forward, approve or payment. For Trade License initiate two API calls, “create” and “update” is required. Create API creates and saves the application in the database and returns an application number. Update API saves the required attached documents in the file store and returns the success acknowledgement message of the application created. These create and update API access permission is granted to the roles named Citizen and TL counter employee.
Access permission is granted by mapping roles with APIs. Users assigned with the citizen or TL counter employee roles can initiate/apply the Trade License application.
Pre-requisites
Before proceeding with the configuration, make sure the following pre-requisites are met -
Knowledge of DIGIT applications is required.
Users should be aware of transactional steps in the DIGIT application.
Knowledge of json and how to write a json is required.
Knowledge of MDMS is required.
User with permission to edit the git repository where MDMS data is configured.
Key Functionalities
In mapping roles with APIs, permission to perform a certain task can be restricted based on the requirement. For example, only the user with Role TL Counter Employee or Citizen can initiate the Trade License applications.
Deployment Details
After mapping roles with APIs, the MDMS service needs to be restarted to read the newly added data.
Configuration Details
APIs are added in actions-test.json and termed as action. In MDMS, file actions-test.json, under ACCESSCONTROL-ACTIONS-TEST folder APIs are added. API Sample:
APIs are added as action array elements with the request URL and other required details for the array "actions-test"
Each action is defined as a key-value pair:
Roles are added in roles.json In MDMS, file roles.json, under ACCESSCONTROL-ROLES folder roles are added. More about roles can be checked in the below link: Adding roles to System
Mapping of roles and APIs/actions is added in roleactions.json, under the folder ACCESSCONTROL-ROLEACTIONS. Sample mapping:
Role and API/action mapping is added as an array element under array roleactions. Each mapping is defined with key-value pairs. keys are rolecode, actionid, actioncode and tenantId.