Missing roles for Company Admin + wrong documentation #185

Open
MaximilianHauer opened this issue Sep 4, 2024 · 3 comments
MaximilianHauer commented Sep 4, 2024

Current Behavior

Based on the role concept, some roles are missing in the roles

documentation:
https://github.com/eclipse-tractusx/portal-iam/blob/main/docs/technical%20documentation/06.%20Roles%20%26%20Rights%20Concept.md

Roles missing for

Company Admin

roles need to be added

  • modify_user_account
  • view_service_subscriptions
  • app_management
  • activate_subscription

IT Admin

roles need to be removed

  • subscribe_service

Purchaser

roles need to be removed

  • upload_certificates
  • delete_certificates

Sales Manager

roles need to be removed

  • app_management
  • activate_subscription

roles need to be added

  • view_idp -> why idp?
  • subscribe_apps

Service Manager

roles need to be removed

  • delete_documents

roles need to be added

  • add_technical_user_management
  • delete_tech_user_management
  • view_managed_idp
  • view_connectors
  • add_connectors
  • delete_connectors
  • subscribe_apps
  • view_service_subscriptions
  • view_subscription

roles need to be removed from the R&R concept

  • add_idp
  • setup_idp
  • disable_idp
  • delete_idp

Business Partner Data Manager

roles need to be added to the R&R

  • view_user_management
  • view_own_user_account
  • update_own_user_account
  • delete_own_user_account

Document adjustment

  • add_technical_user_management in the documentation is named add_tech_user_management in the portal
  • Managed via Client: Cl7-CX-BPDM needs to be added after 2.5.4 Managed Wallets

Open Questions

  • What is technical_roles_management, a client or a group? It doesn't fit in the structure. It currently exists as a role in the R&R and as a client in the token:

    "technical_roles_management": {
      "roles": [
        "BPDM Pool Consumer"
      ]
    }

  • Discrepancy between Activate App Subscription Request and Activate App Subscription

image

MaximilianHauer added the bug label Sep 4, 2024
MaximilianHauer added this to the Release 24.12 milestone Sep 4, 2024

jjeroch commented Sep 23, 2024

@MaximilianHauer I have validated our Keycloak image once, and it exists. It may make sense to check why the test env. is acting differently:
image

code link: https://github.com/eclipse-tractusx/portal-iam/blob/main/import/realm-config/generic/catenax-central/CX-Central-realm.json#L932


Same applies for a couple of roles for Service Manager

image

...I would not suggest adding:

  • add_idp
  • setup_idp
  • disable_idp
  • delete_idp

to the Service Manager.

MaximilianHauer commented

Thanks @jjeroch, will have a look

evegufy commented Sep 30, 2024

@MaximilianHauer Service Manager already has the roles add_tech_user_management and delete_tech_user_management
https://github.com/eclipse-tractusx/portal-iam/blob/v3.0.1/import/realm-config/generic/catenax-central/CX-Central-realm.json#L240 which is what even led to #176
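
One way to automate the comparison discussed in this thread, as an added example (not code from the portal-iam project): diff a documented role matrix against the composite roles in a Keycloak realm export, so that drift in either direction is reported per role. The client id `example-portal-client`, the sample realm fragment and the `DOCUMENTED` matrix are constructed for illustration; only the role names are taken from the issue.

```python
import json

# Constructed sample in Keycloak realm-export layout. The client id
# "example-portal-client" and the role assignments are hypothetical.
REALM_EXPORT = json.loads("""
{"roles": {"client": {"example-portal-client": [
  {"name": "Company Admin", "composite": true,
   "composites": {"client": {"example-portal-client":
     ["view_user_management", "app_management"]}}},
  {"name": "Purchaser", "composite": true,
   "composites": {"client": {"example-portal-client":
     ["subscribe_apps", "upload_certificates"]}}},
  {"name": "view_user_management", "composite": false}
]}}}
""")

# Constructed stand-in for the documented Roles & Rights matrix.
DOCUMENTED = {
    "Company Admin": {"view_user_management", "app_management", "modify_user_account"},
    "Purchaser": {"subscribe_apps"},
    "Sales Manager": {"subscribe_apps"},
}

def composite_roles(realm, client_id):
    """Map each composite client role to the set of client roles it bundles."""
    result = {}
    for role in realm.get("roles", {}).get("client", {}).get(client_id, []):
        if not role.get("composite"):
            continue  # plain permission roles are leaves, not bundles
        children = set()
        for names in role.get("composites", {}).get("client", {}).values():
            children.update(names)
        result[role["name"]] = children
    return result

def diff_roles(documented, realm, client_id):
    """Report, per composite role, where documentation and realm disagree."""
    actual = composite_roles(realm, client_id)
    report = {}
    for name in sorted(set(documented) | set(actual)):
        doc, act = documented.get(name, set()), actual.get(name, set())
        if doc != act:
            report[name] = {
                "missing_in_realm": sorted(doc - act),
                # privilege granted but not documented: review before release
                "undocumented_in_realm": sorted(act - doc),
            }
    return report

if __name__ == "__main__":
    print(json.dumps(diff_roles(DOCUMENTED, REALM_EXPORT, "example-portal-client"), indent=2))
```

Run against a real export and a matrix parsed from the Roles & Rights document, a non-empty report fails the check; entries under `undocumented_in_realm` are the ones that widen privilege.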
