Roles-management: User – Member – Organisation
Role Group
Role Group is a collection of the roles in the system. In configuration it is represented as a type.
It is not an Entity in the system.
E.g.: individual, merchant, cash_desk, system
Role
Role defines a set of configurations. In configuration it is represented as a role.
It is not an Entity in the system.
E.g.: individual, merchant, accountant, customer_success_specialist, cro, cashier, administrator
User
User is an Entity in the system. It reflects the User in real world.
Entity has relations to
- List<LoginCredential> – @OneToOne (login, password)
- Profile – @OneToOne
- List<Member> – @OneToMany
Member
Member is an Entity in the system. It is a connector between User and Organization.
Entity has relations to
- User – @ManyToOne
- Organization – @ManyToOne
And has field:
- role (e.g.: individual, merchant, accountant, customer success specialist, cro, cashier, administrator etc.)
Organization
Organization is an Entity in the system. It is a business entity.
Entity has relations to
- Profile – @OneToOne
- List<Member> – @OneToMany
- List<Coin> – @OneToMany
And has field:
- type (OrganizationType, e.g.: individual, merchant, cash_desk, system, gate_provider)
Profile
Profile is an Entity in the system that stores information about a User and/or an Organization.
Entity has relations to
- User – @OneToOne
- Organization – @OneToOne
- ContactDef – @OneToOne – contact information
- PersonDef – @OneToOne – person information
- AddressDef – @OneToOne – address information
- BusinessDef – @OneToOne – business information
- SocialDef – @OneToOne – social information
- IntegrationDef – @OneToOne – information related to integration services
- ProfileExtension – @OneToOne – for flexible extension profile data
Configuration file
Example of configuration file:
application-organizations.yaml
Where:
- core.organizations.permission-configs[0].type is Role Group
- core.organizations.permission-configs[0].roles[0].role is Role
- core.organizations.permission-configs[0].roles[0].self-registration means that a User with this role can register on their own via API POST /registration
- core.organizations.permission-configs[0].roles[0].member-creation is the set of member-creation params for the Organization. Multiple options are possible, except ATTACH_SINGLE and ATTACH_MULTIPLE simultaneously:
  ATTACH_SINGLE – means that the Organization can have only one attached Member.
  ATTACH_MULTIPLE – means that the Organization can have more than one attached Member.
  CREATE_NEW_ORGANIZATION – a new Organization should be created.
- core.organizations.permission-configs[0].roles[0].management.include-role-groups – means that the current role can manage only roles from this set.
  If this parameter is not defined, the current role can manage all other roles.
Create Users
Create Users via API: POST /users
Permission required: USER_MANAGER
Request body:
{ "login": "individual+1@sdkfinance.com", "role": "individual", "organizationId": "6f7e4c4c-df76-42ec-96ba-6447015392e7" }
Where organizationId is optional. This field is used to attach the new User and Member to the existing Organization that has this organizationId.
Attach a newly created User to an existing Organization: FAIL (throws exception)
| API caller | info | configuration member-creation | permission |
| --- | --- | --- | --- |
| create new User with Member [role: complience_spesialist] | source | CREATE_NEW_ORGANIZATION | |
| existing User with Member [role: compliance_manager] | target | ATTACH_SINGLE | USER_MANAGER |
Request body:
{ "login": "complience_spesialist_1@sdkfinance.com", "role": "complience_spesialist", "organizationId": "6f7e4c4c-df76-42ec-96ba-6447015392e7" }
The organizationId field in the request means that the new User with role complience_spesialist should be attached to the existing Organization whose Member has role compliance_manager.
As a result of the API call an exception is thrown, because the Organization of the compliance_manager has only the param ATTACH_SINGLE in its member-creation configuration. This param means that the Organization can have a relationship to only one User, and that is the existing compliance_manager User.
Attach a newly created User to an existing Organization: OK
| API caller | info | configuration member-creation | permission |
| --- | --- | --- | --- |
| create new User with Member [role: complience_spesialist] | source | CREATE_NEW_ORGANIZATION | |
| existing User with Member [role: compliance_manager] | target | ATTACH_MULTIPLE | USER_MANAGER |
Request body:
{ "login": "complience_spesialist_2@sdkfinance.com", "role": "complience_spesialist", "organizationId": "6f7e4c4c-df76-42ec-96ba-6447015392e7" }
The organizationId field in the request means that the new User with role complience_spesialist should be attached to the existing Organization whose Member has role compliance_manager.
As a result of the API call a new User and a new Member with role complience_spesialist are created and linked to the existing Organization (id = "6f7e4c4c-df76-42ec-96ba-6447015392e7") of the compliance_manager, because compliance_manager has only the param ATTACH_MULTIPLE in its member-creation configuration. This param means that the Organization can have a relationship to more than one User.
Create a new User and a new Organization: OK
| API caller | info | configuration member-creation | permission |
| --- | --- | --- | --- |
| create new User with Member [role: complience_spesialist] | source | CREATE_NEW_ORGANIZATION | |
| existing User with Member [role: compliance_manager] | target | ATTACH_MULTIPLE | USER_MANAGER |
Request body:
{ "login": "complience_spesialist_3@sdkfinance.com", "role": "complience_spesialist" }
There is no organizationId field in the request. It means that a new User and a new Member with role complience_spesialist should be created together with a new Organization.
As a result of the API call a new User and a new Member with role complience_spesialist are created and linked to the newly created Organization, because complience_spesialist has only the param CREATE_NEW_ORGANIZATION in its member-creation configuration. This param means that a new Organization can be created with a relationship to the newly created Member and User.
Create a new User and a new Organization: FAIL (throws exception)
| API caller | info | configuration member-creation | permission |
| --- | --- | --- | --- |
| create new User with Member [role: complience_spesialist] | source | ATTACH_MULTIPLE | |
| existing User with Member [role: compliance_manager] | target | ATTACH_MULTIPLE | USER_MANAGER |
Request body:
{ "login": "complience_spesialist_4@sdkfinance.com", "role": "complience_spesialist" }
There is no organizationId field in the request. It means that a new User and a new Member with role complience_spesialist should be created together with a new Organization.
As a result of the API call an exception is thrown, because the role complience_spesialist has only the param ATTACH_MULTIPLE in its member-creation configuration. To create a new Organization, CREATE_NEW_ORGANIZATION is required in the set of member-creation params.
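As an added example (not SDK.finance code), the following Python models the member-creation rules explained in the configuration section above and exercises them against the four POST /users scenarios; the role-to-config map, the Organization state and the generated Organization id are constructed assumptions.

```python
from dataclasses import dataclass

ATTACH_SINGLE = "ATTACH_SINGLE"
ATTACH_MULTIPLE = "ATTACH_MULTIPLE"
CREATE_NEW_ORGANIZATION = "CREATE_NEW_ORGANIZATION"
ORG_ID = "6f7e4c4c-df76-42ec-96ba-6447015392e7"  # organizationId used on this page


def validate_member_creation(params):
    """Config check from the page: ATTACH_SINGLE and ATTACH_MULTIPLE never coexist."""
    if ATTACH_SINGLE in params and ATTACH_MULTIPLE in params:
        raise ValueError("ATTACH_SINGLE and ATTACH_MULTIPLE are mutually exclusive")
    return set(params)


@dataclass
class Organization:
    id: str
    role: str           # role of the Member the Organization was created for
    member_count: int   # Members already attached


def existing_orgs():
    """Constructed state: one Organization with a single compliance_manager Member."""
    return {ORG_ID: Organization(ORG_ID, "compliance_manager", 1)}


def create_user(request, caller_permissions, orgs, role_config):
    """Model of POST /users. role_config maps role -> member-creation set (assumed shape).
    Returns the id of the Organization the new Member is linked to."""
    if "USER_MANAGER" not in caller_permissions:
        raise PermissionError("USER_MANAGER permission required")
    new_role = request["role"]
    org_id = request.get("organizationId")
    if org_id is None:
        # No organizationId: the new role itself must allow CREATE_NEW_ORGANIZATION.
        if CREATE_NEW_ORGANIZATION not in role_config[new_role]:
            raise ValueError(f"{new_role}: CREATE_NEW_ORGANIZATION missing from member-creation")
        new_id = f"new-org-{request['login']}"  # placeholder; a real system generates a UUID
        orgs[new_id] = Organization(new_id, new_role, 1)
        return new_id
    # organizationId given: the target Organization's role config decides.
    target = orgs[org_id]
    params = role_config[target.role]
    if ATTACH_MULTIPLE in params or (ATTACH_SINGLE in params and target.member_count == 0):
        target.member_count += 1
        return target.id
    raise ValueError(f"{target.role} Organization {org_id} cannot take another Member")
```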
Example of configuration for Organization type 'cash_desk' and role 'cashier' that allows creating new Organizations:
member-creation should contain CREATE_NEW_ORGANIZATION, and USER_MANAGER should also be present in permissions.
core:
  organizations:
    environment-permission-key-pattern: 'core.organizations.%s.roles.%s.permissions'
    permission-configs:
      - type: 'cash_desk'
        default-status: 'approved'
        roles:
          - role: 'cashier'
            enabled: true
            member-creation: [ 'CREATE_NEW_ORGANIZATION', 'ATTACH_MULTIPLE' ]
            permissions:
              - 'ISSUER_VIEWER'
              - 'CURRENCY_VIEWER'
              - 'COIN_VALIDATOR'
              - 'CONTACT_VALIDATOR'
              - 'CASHIER'
              - 'PROFILE_OWNER'
              - 'TRANSACTIONS_VIEWER'
              - 'CONVERSATION_VIEWER'
              - 'CONVERSATION_MESSAGE_CREATION_EXECUTOR'
              - 'CASH_DESK_TOPUP_EXECUTOR'
              - 'CONTACT_ORGANIZATIONS_VIEWER'
              - 'COIN_VIEWER'
              - 'USER_MANAGER'
              - 'USER_VIEWER'