Managing Users and Roles
Order Management Server supports role-based authorization. The user must belong to either ROLE_USER or ROLE_ADMIN.
The following table shows business functions and a list of roles that are authorized to perform the business functions.
Order Management Server Interface | Function | Roles |
---|---|---|
Orchestrator | Submit Order | ROLE_ADMIN |
Orchestrator | Get Order Detail | ROLE_USER, ROLE_ADMIN |
Orchestrator | Order withdraw | ROLE_ADMIN |
Orchestrator | PlanItem Execute Reply | ROLE_ADMIN |
Orchestrator | AmendOrder | ROLE_ADMIN |
Orchestrator | FeasibilityReply | ROLE_ADMIN |
Orchestrator | ActivateOrderRequest | ROLE_ADMIN |
Orchestrator | CancelOrder | ROLE_ADMIN |
Orchestrator | GetOrderExecutionPlan | ROLE_USER, ROLE_ADMIN |
Orchestrator | SuspendOrderRequest | ROLE_ADMIN |
Orchestrator | BulkAction | ROLE_ADMIN |
Orchestrator | PlanItemBulkErrorHandler | ROLE_ADMIN |
Orchestrator | PlanItemErrorHandler | ROLE_ADMIN |
Orchestrator | MilestoneNotifyRequest | ROLE_ADMIN |
Orchestrator | PlanItemSuspendResponse | ROLE_ADMIN |
Orchestrator | PreQualificationFailedReply | ROLE_ADMIN |
Orchestrator | submitOrderExecutionPlan | ROLE_ADMIN |
Orchestrator | planItemSuspendReply | ROLE_ADMIN |
Orchestrator | Purge Order | ROLE_ADMIN |
Orchestrator | orderScXml | ROLE_USER, ROLE_ADMIN |
Orchestrator | getplanfragment | ROLE_USER, ROLE_ADMIN |
Orchestrator | GetOrderMessages | ROLE_USER, ROLE_ADMIN |
Orchestrator | GetOrderStatus | ROLE_USER, ROLE_ADMIN |
Orchestrator | submitPlanErrorNotification | ROLE_ADMIN |
Catalog Service | submitPlanFragmentModel | ROLE_ADMIN |
Catalog Service | purgePlanFragmentModel | ROLE_ADMIN |
Catalog Service | submitProductModel | ROLE_ADMIN |
Catalog Service | purgeProductModel | ROLE_ADMIN |
Catalog Service | submitActionModel | ROLE_ADMIN |
Catalog Service | purgeActionModel | ROLE_ADMIN |
Catalog Service | getProductModelRoles | ROLE_ADMIN |
Catalog Service | getPlanFragmentModelRoles | ROLE_ADMIN |
Catalog Service | getActionModelRoles | ROLE_ADMIN |
Catalog Service | getAllActionModelRoles | ROLE_ADMIN |
Catalog Service | getAllProductModelRoles | ROLE_ADMIN |
Catalog Service | getAllPlanFragmentModelRoles | ROLE_ADMIN |
Data Service | setPlanRequest | ROLE_ADMIN |
Data Service | setPlanItemRequest | ROLE_ADMIN |
Data Service | getPlanItemsRequest | ROLE_USER, ROLE_ADMIN |
Data Service | getPlanRequest | ROLE_USER, ROLE_ADMIN |
Archival Service | getOrderSummary | ROLE_USER, ROLE_ADMIN |
Archival Service | getOrdersByCriteria | ROLE_USER, ROLE_ADMIN |
Archival Service | getPlansByCriteria | ROLE_USER, ROLE_ADMIN |
Archival Service | getAuditTrailsData | ROLE_USER, ROLE_ADMIN |
Archival Service | purgeOrder | ROLE_ADMIN |
Archival Service | SubmitAuditTrail | ROLE_ADMIN |
Archival Service | GetSavedSearches | ROLE_USER, ROLE_ADMIN |
Archival Service | UpdateSavedSearches | ROLE_ADMIN |
Archival Service | SavedSearches | ROLE_ADMIN |
Archival Service | DeleteSavedSearches | ROLE_ADMIN |
Changing the Default Roles of a User
Procedure
1. Open the $OM_HOME/roles/authorization-service/standalone/config/application.properties file in a text editor and update the allowedUserRoles property with the required role values.
   Note: In the case of OIDC, add UserRoles specific to your organization in this property.
2. Register the required tenant. See Registering a Tenant. For more information on the Tenant Registration APIs, see the "Authorization Service API Samples" topic in the TIBCO® Order Management Web Services Guide.
3. Create a user with the roles that are set in the previous step. See Create User.
4. Open the $OM_HOME/roles/configurator/standalone/config/application.properties file in a text editor and update the configuratorAccessRoles property with the required roles.
5. Update the operation role values under the 'Application Security Configurations' category for all the services from the configurator UI.
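
A consistency check for the two files edited in this procedure, added here as an example and not part of the product's documentation or tooling. It assumes both properties hold comma-separated role names and that a role listed in configuratorAccessRoles but absent from allowedUserRoles is a misconfiguration; ROLE_OPS and ROLE_AUDIT in the sample are constructed names.

```python
import os
from pathlib import Path

def read_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def role_set(props, key):
    # Assumption: the property value is a comma-separated list of role names.
    return {r.strip() for r in props.get(key, "").split(",") if r.strip()}

def audit_roles(auth_text, configurator_text):
    """Compare the two files edited in the procedure; return a list of findings."""
    allowed = role_set(read_properties(auth_text), "allowedUserRoles")
    access = role_set(read_properties(configurator_text), "configuratorAccessRoles")
    findings = []
    if not allowed:
        findings.append("allowedUserRoles is missing or empty")
    if not access:
        findings.append("configuratorAccessRoles is missing or empty")
    by_lower = {r.lower(): r for r in allowed}
    for role in sorted(access - allowed):
        near = by_lower.get(role.lower())  # catch typos that differ only by case
        hint = f" (case differs from {near})" if near else ""
        findings.append(f"{role} is in configuratorAccessRoles but not in allowedUserRoles{hint}")
    return findings

# Constructed sample contents, not taken from a real installation.
SAMPLE_AUTH = "# authorization-service\nallowedUserRoles=ROLE_USER, ROLE_ADMIN, ROLE_OPS\n"
SAMPLE_CONFIGURATOR = "configuratorAccessRoles=ROLE_ADMIN,ROLE_Ops,ROLE_AUDIT\n"

if __name__ == "__main__":
    home = os.environ.get("OM_HOME")
    if home:  # audit the real files named in the procedure
        base = Path(home) / "roles"
        auth = (base / "authorization-service/standalone/config/application.properties").read_text()
        conf = (base / "configurator/standalone/config/application.properties").read_text()
    else:     # fall back to the constructed sample
        auth, conf = SAMPLE_AUTH, SAMPLE_CONFIGURATOR
    for finding in audit_roles(auth, conf):
        print("FINDING:", finding)
```

Run it with OM_HOME set after step 4; an empty result means every role named for configurator access is also an allowed user role.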