...
For example, let's say we have an app level resource type WAREHOUSE and for a particular domain let’s say domain increff, we have resources WAREHOUSE_1, WAREHOUSE_2 & WAREHOUSE_3. So, what a domain admin can do is, he/she can assign roles to a user for a domain level resource, like allowing them to access only WAREHOUSE_1 & WAREHOUSE_2. This will help in simplifying the resource access management as currently this happens separately on different products.
There are 2 flows for the above scenario which have been explained below.
Internal / Super Admin Flow
Here, the
superadminuser can create app level resource by using the Manage Application Resources option next to Manage Application Roles.
...
2. Next, the user will be able to create roles associated with a resource type by using the Manage Application Roles popup. There is a bifurcation between app and resource level roles and you can use the radio button provided to choose the roles shown according to your choice.
...
Read about the Internal flow here: /wiki/spaces/SAP/pages/366837927
Domain Admin Flow
Here, the domain admin user will be able to create domain level resources on the basis of resource type available for the current logged in application.
The option to create domain level resource will only be enabled if the user has
app.adminorresource.adminrole.
...
3. Once a domain level resource is created, you will be able to view it inside the role management modal as used before for role management for a user.
...