Summary
Following feature updates are covered in this update:
Resource Access Management
Updated User Role Management
Resource Access Management
A new flow for Resource access management has been introduced in Account Server. Through this flow you’ll be able to create app level resource types
(e.g. LOCATIONS, REPORTS, STORES, CLIENTS, etc.), roles associated with a particular resource type
, domain level resources
(e.g WAREHOUSE_BLR, STORE_DELHI, CLIENT_1, etc.) and the resource type roles will automatically get associated with the domain level resources. For better understanding, let’s take an example.
For example, let's say we have an app level resource type WAREHOUSE and for a particular domain let’s say domain increff, we have resources WAREHOUSE_1, WAREHOUSE_2 & WAREHOUSE_3. So, what a domain admin can do is, he/she can assign roles to a user for a domain level resource, like allowing them to access only WAREHOUSE_1 & WAREHOUSE_2. This will help in simplifying the resource access management as currently this happens separately on different products.
There are 2 flows for the above scenario which have been explained below.
Internal / Super Admin Flow
Read about the Internal flow here: /wiki/spaces/SAP/pages/366837927
Domain Admin Flow
Here, the
...
Roles option as shown.
...
2. Next, the user will be able to create roles associated with a resource type.
Domain Admin Flow
...
domain admin user will be able to create domain level resources on the basis of resource type available for the current logged in application.
The option to create domain level resource will only be enabled if the user has
resource.admin
role.
...
3. Once a domain level resource is created, you will be able to view it inside the role management modal as used before for role management for a user.
User Role Management
User Role Management flow has been updated and is explained below.
Once you click on user’s name, the role management modal will show. Now you have 2 options based on Role Level -
Top
&Resource
.
...
By default
Top
will be selected and you will be shown the roles on the top level i.e roles not associated with resources. (e.gSaaS
for the current logged in example). This is the same flow as before and you can select the name of the application through the dropdown present.Another option is
Resource
. Once clicked on that you'll be able to select the resource type and resource value on the basis of which you'll be able to view & manage the roles available for a particular domain level resource.
...