Managing Users and Roles

Order Management Server supports role-based authorization. The user must belong to either ROLE_USER or ROLE_ADMIN.

The following table lists the business functions and the roles that are authorized to perform each of them.

Note: You can change the roles that are authorized to perform business functions by changing the 'Application Security Configurations' category for all services applications from the configurator UI.

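| Order Management Server Interface | Function | Roles |
|---|---|---|
| Orchestrator | Submit Order | ROLE_ADMIN |
| Orchestrator | Get Order Detail | ROLE_USER, ROLE_ADMIN |
| Orchestrator | Order withdraw | ROLE_ADMIN |
| Orchestrator | PlanItem Execute Reply | ROLE_ADMIN |
| Orchestrator | AmendOrder | ROLE_ADMIN |
| Orchestrator | FeasibilityReply | ROLE_ADMIN |
| Orchestrator | ActivateOrderRequest | ROLE_ADMIN |
| Orchestrator | CancelOrder | ROLE_ADMIN |
| Orchestrator | GetOrderExecutionPlan | ROLE_USER, ROLE_ADMIN |
| Orchestrator | SuspendOrderRequest | ROLE_ADMIN |
| Orchestrator | BulkAction | ROLE_ADMIN |
| Orchestrator | PlanItemBulkErrorHandler | ROLE_ADMIN |
| Orchestrator | PlanItemErrorHandler | ROLE_ADMIN |
| Orchestrator | MilestoneNotifyRequest | ROLE_ADMIN |
| Orchestrator | PlanItemSuspendResponse | ROLE_ADMIN |
| Orchestrator | PreQualificationFailedReply | ROLE_ADMIN |
| Orchestrator | submitOrderExecutionPlan | ROLE_ADMIN |
| Orchestrator | planItemSuspendReply | ROLE_ADMIN |
| Orchestrator | Purge Order | ROLE_ADMIN |
| Orchestrator | orderScXml | ROLE_USER, ROLE_ADMIN |
| Orchestrator | getplanfragment | ROLE_USER, ROLE_ADMIN |
| Orchestrator | GetOrderMessages | ROLE_USER, ROLE_ADMIN |
| Orchestrator | GetOrderStatus | ROLE_USER, ROLE_ADMIN |
| Orchestrator | submitPlanErrorNotification | ROLE_ADMIN |
| Catalog Service | submitPlanFragmentModel | ROLE_ADMIN |
| Catalog Service | purgePlanFragmentModel | ROLE_ADMIN |
| Catalog Service | submitProductModel | ROLE_ADMIN |
| Catalog Service | purgeProductModel | ROLE_ADMIN |
| Catalog Service | submitActionModel | ROLE_ADMIN |
| Catalog Service | purgeActionModel | ROLE_ADMIN |
| Catalog Service | getProductModelRoles | ROLE_ADMIN |
| Catalog Service | getPlanFragmentModelRoles | ROLE_ADMIN |
| Catalog Service | getActionModelRoles | ROLE_ADMIN |
| Catalog Service | getAllActionModelRoles | ROLE_ADMIN |
| Catalog Service | getAllProductModelRoles | ROLE_ADMIN |
| Catalog Service | getAllPlanFragmentModelRoles | ROLE_ADMIN |
| Data Service | setPlanRequest | ROLE_ADMIN |
| Data Service | setPlanItemRequest | ROLE_ADMIN |
| Data Service | getPlanItemsRequest | ROLE_USER, ROLE_ADMIN |
| Data Service | getPlanRequest | ROLE_USER, ROLE_ADMIN |
| Archival Service | getOrderSummary | ROLE_USER, ROLE_ADMIN |
| Archival Service | getOrdersByCriteria | ROLE_USER, ROLE_ADMIN |
| Archival Service | getPlansByCriteria | ROLE_USER, ROLE_ADMIN |
| Archival Service | getAuditTrailsData | ROLE_USER, ROLE_ADMIN |
| Archival Service | purgeOrder | ROLE_ADMIN |
| Archival Service | SubmitAuditTrail | ROLE_ADMIN |
| Archival Service | GetSavedSearches | ROLE_USER, ROLE_ADMIN |
| Archival Service | UpdateSavedSearches | ROLE_ADMIN |
| Archival Service | SavedSearches | ROLE_ADMIN |
| Archival Service | DeleteSavedSearches | ROLE_ADMIN |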

Changing the Default Roles of a User

Procedure

  1. Open the $OM_HOME/roles/authorization-service/standalone/config/application.properties file in a text editor and update the allowedUserRoles property with the required role values.

    Note: In the case of OIDC, add the UserRoles specific to your organization to this property.
  2. Register the required tenant. See Registering a Tenant. For more information on the Tenant Registration APIs, see the "Authorization Service API Samples" topic in the TIBCO® Order Management Web Services Guide.

  3. Create a user with the roles that are set in the previous step. See Create User.

  4. Open the $OM_HOME/roles/configurator/standalone/config/application.properties file in a text editor and update the configuratorAccessRoles property with the required roles.

  5. Update the operation role values under the 'Application Security Configurations' category for all the services from the configurator UI.
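
After step 5, a check such as the following can flag operations whose roles were widened beyond the defaults in the table above, or that reference a role missing from allowedUserRoles. It is an added example, not TIBCO code: the function-to-roles mapping format and the comma-separated allowedUserRoles value are assumptions, and ROLE_OPS and ROLE_SUPPORT are constructed role names.

```python
# Functions that the documented default table opens to ROLE_USER as well as
# ROLE_ADMIN; every other function in the table is ROLE_ADMIN only.
USER_ALLOWED_BY_DEFAULT = {
    "Get Order Detail", "GetOrderExecutionPlan", "orderScXml", "getplanfragment",
    "GetOrderMessages", "GetOrderStatus", "getPlanItemsRequest", "getPlanRequest",
    "getOrderSummary", "getOrdersByCriteria", "getPlansByCriteria",
    "getAuditTrailsData", "GetSavedSearches",
}

def parse_allowed_roles(properties_text):
    """Read allowedUserRoles from application.properties text.
    Assumption: the value is a comma-separated list of role names."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "allowedUserRoles":
            return {r.strip() for r in value.split(",") if r.strip()}
    return set()

def audit(operation_roles, allowed_roles):
    """Return sorted (function, finding) pairs for a function -> roles mapping."""
    findings = []
    for function, roles in operation_roles.items():
        roles = set(roles)
        if not roles:
            findings.append((function, "no role assigned"))
        for role in sorted(roles - allowed_roles):
            findings.append((function, f"{role} is not in allowedUserRoles"))
        extra = roles - {"ROLE_ADMIN"}
        if function not in USER_ALLOWED_BY_DEFAULT and extra:
            findings.append((function, "admin-only by default, now also granted to "
                             + ", ".join(sorted(extra))))
    return sorted(findings)

# Constructed sample input (not the configurator's own export format).
SAMPLE_PROPERTIES = "# constructed sample\nallowedUserRoles=ROLE_USER,ROLE_ADMIN,ROLE_OPS\n"
SAMPLE_MAPPING = {
    "Get Order Detail": ["ROLE_USER", "ROLE_ADMIN"],
    "purgeOrder": ["ROLE_ADMIN", "ROLE_USER"],
    "CancelOrder": ["ROLE_ADMIN", "ROLE_SUPPORT"],
    "Submit Order": [],
}

if __name__ == "__main__":
    allowed = parse_allowed_roles(SAMPLE_PROPERTIES)
    for function, finding in audit(SAMPLE_MAPPING, allowed):
        print(f"{function}: {finding}")
```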