fix(cx-central realm): change role assignments and update r&r concept (…

…#252) * fix: add and remove role assignments #185 (comment) * docs: update rights and roles concept #185 (comment)
eclipse-tractusx · Jan 13, 2025 · 799b36d · 799b36d
1 parent 54d03da
commit 799b36d
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 21 deletions.
diff --git a/docs/admin/technical-documentation/06. Roles & Rights Concept.md b/docs/admin/technical-documentation/06. Roles & Rights Concept.md
@@ -136,33 +136,33 @@ This role concept covers all roles related to
 | Decline Service Releases (decline_service_release) | x | | | | | | | | | | |
 | Delete Documents (delete_documents) | x | x | | | | | x | | x | | |
 | **User Management** | | | | | | | | | | | |
-| Access User Management (view_user_management) | x | x | x | x | x | x | x | x | x | x | |
+| Access User Management (view_user_management) | x | x | x | x | x | x | x | x | x | x | x |
 | Add a new user (add_user_account) | x | x | x | x | | | | | | | |
 | Delete a user of the same org. (delete_user_account) | x | x | | x | | | | | | | |
 | Modify a user of the same org. (modify_user_account) | x | x | x | x | | | | | | | |
 | View Offer Roles - apps as well as core offers. Needed for users which can change role assignment and create user accounts (view_client_roles) | x | x | x | x | | | | | | | |
-| View own user account details (view_own_user_account) | x | x | x | x | x | x | x | x | x | x | |
-| Modify my user account (update_own_user_account) | x | x | x | x | x | x | x | x | x | x | |
-| Delete my user account (delete_own_user_account) | x | x | x | x | x | x | x | x | x | x | |
+| View own user account details (view_own_user_account) | x | x | x | x | x | x | x | x | x | x | x |
+| Modify my user account (update_own_user_account) | x | x | x | x | x | x | x | x | x | x | x |
+| Delete my user account (delete_own_user_account) | x | x | x | x | x | x | x | x | x | x | x |
 | Technical User Management (view_tech_user_management) | x | x | | x | | | x | x | | x | |
 | View Technical User Roles (technical_roles_management) | x | x | | x | | |x | x | | x | |
 | Create Technical User (add_tech_user_management) | x | x | | x | | | |x| | x | |
 | Delete Technical User (delete_tech_user_management) | x | x | | x | | | |x| | x | |
 | **Technical Management** | | | | | | | | | | | |
 | View Technical Integration on the UI - no backend permission (view_technical_setup) - **obsolete** | x | x |  | x | | | x | x | | x | |
-| View IdP Details (view_idp) | x | x | x | x | | | | | x | | |
+| View IdP Details (view_idp) | x | x | x | x | | | | | | | |
 | View Managed IdP Details (view_managed_idp) | x | x | | x | | | | | | x | |
-| Create a new IdP record (add_idp) | x | x | | x | | | | | | x | |
-| Update IdP Config (setup_idp) | x | x | | x | | | | | | x | |
-| Disable one IdP of same organization (disable_idp) | x | x | | x | | | | | | x | |
-| Delete one IdP of same organization (delete_idp) | x | x | | x | | | | | | x | |
+| Create a new IdP record (add_idp) | x | x | | x | | | | | | | |
+| Update IdP Config (setup_idp) | x | x | | x | | | | | | | |
+| Disable one IdP of same organization (disable_idp) | x | x | | x | | | | | | | |
+| Delete one IdP of same organization (delete_idp) | x | x | | x | | | | | | | |
 | View Connectors (view_connectors) | x | x | | x | | | | x | | x | |
 | Add Connectors (add_connectors) | x | x | | x | | | | | | x | |
 | Delete Connectors (delete_connectors) | x | x | | x | | | | | | x | |
 | Self Description creation - needed for connector registration (add_self_descriptions) | x | x | | x | | | | | | x | |
 | **App Marketplace** | | | | | | | | | | | |
 | See App & App Details (view_apps) | x | x | x | x | x | x | x | x | x | x | x |
-| Subscribe Apps (subscribe_apps) | x | x | x | | | x | | | | x | |
+| Subscribe Apps (subscribe_apps) | x | x | x | | | x | | | | | |
 | **Service Marketplace** | | | | | | | | | | | |
 | View all available services inside the service marketplace (view_service_marketplace) | x | x | x | x | x | x | x | x | x | x | x |
 | View service details (view_service_offering) | x | x | x | x | x | x | x | x | x | x | x |
@@ -180,11 +180,10 @@ This role concept covers all roles related to
 | Delete own notification (delete_notifications) | x | x | x | x | x | x | x | x | x | x | x |
 | **Offer Management (Apps)** | | | | | | | | | | | |
 | View Company Apps (app_management) | x | x | | | | | | | | | |
-| Activate App Subscription Request (activate_subscription) | x | x | | | | | | | | | |
 | Upload new Apps (add_apps) | x | | | | | | | x | | | |
 | Modify Apps (edit_apps) | x | | | | | | x | x | | | |
 | Delete Apps (delete_apps) | x | | | | | | | x | | | |
-| Activate App Subscription (activate_subscription) | x | | | | | | | x | x | x | |
+| Activate App Subscription (activate_subscription) | x | x | | | | | | x | | x | |
 | Get all owned apps and view technical details as well as customer data (app_management) | x | | | | | | x | x | x | | |
 | Gets an overview of subscriptions active, inactive, pending (view_app_subscription) | x | x | x | | | x | | x | x | | |
 | App Subscription Status (view_autosetup_status) | x | x | x | | | | | x | | | |

diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json
@@ -278,8 +278,7 @@
                 "view_wallet"
               ],
               "Cl1-CX-Registration": [
-                "view_registration",
-                "delete_documents"
+                "view_registration"
               ],
               "Cl24-CX-SSI-CredentialIssuer": [
                 "view_credential_requests"
@@ -314,7 +313,8 @@
                 "update_own_user_account",
                 "view_service_offering",
                 "update_service_offering",
-                "view_notifications"
+                "view_notifications",
+                "view_managed_idp"
               ],
               "Cl3-CX-Semantic": [
                 "add_semantic_model",
@@ -654,8 +654,6 @@
               "Cl2-CX-Portal": [
                 "CX User",
                 "unsubscribe_apps",
-                "delete_certificates",
-                "upload_certificates",
                 "unsubscribe_services",
                 "view_service_subscriptions",
                 "view_certificates",
@@ -769,7 +767,10 @@
                 "subscribe_apps",
                 "view_app_language",
                 "delete_idp",
-                "view_notifications"
+                "view_notifications",
+                "view_service_subscriptions",
+                "app_management",
+                "activate_subscription"
               ],
               "Cl3-CX-Semantic": [
                 "add_semantic_model",
@@ -1381,7 +1382,6 @@
                 "view_own_user_account",
                 "add_self_descriptions",
                 "view_certificates",
-                "subscribe_service",
                 "view_membership",
                 "view_company_data",
                 "view_technical_setup",
@@ -1455,11 +1455,9 @@
                 "unsubscribe_services",
                 "view_service_subscriptions",
                 "view_certificates",
-                "activate_subscription",
                 "subscribe_service",
                 "view_service_offering",
                 "view_app_subscription",
-                "app_management",
                 "subscribe_apps",
                 "service_management"
               ]