Configuring Role Permissions
Temenos Explorer uses the roles defined for a user in Keycloak but augments these roles with additional configuration that includes access to menu items and application actions.
For a newly created role you will need to add a new entry into the Temenos Explorer permissions configuration to allow users with this role to access the required menu items and to be able to perform specific actions within your application.
Configuration
Role permissions are located in /TemenosExplorer/public/TA_permissions.js and are explained below:
Top Level Config
All role permission entries are added into the Roles array within the PERMISSIONS object:
    const PERMISSIONS = {
        "Roles": [
            /* Add role permissions configuration here */
        ]
    }
Role Permission Object
Each role must have a role permission object:
    {
        "RoleId": "SampleUser",
        "RoleDescription": "Sample user role with basic permissions",
        "TransactRoleId": "ALL",
        "LegalEntity": "",
        "Startup": "",
        "Dashboard": "",
        "Menus": "Customers,Accounts",
        "Permissions": [],
        "ServiceRequests": [],
    }
The properties of the role permissions object are as follows:
Property | Type | Description |
---|---|---|
RoleId | string | The Keycloak role ID |
RoleDescription | string | A description of the role |
TransactRoleId | string | The corresponding Transact role ID, use default value of "ALL" |
LegalEntity | string | The T24 company for calls to IRIS APIs, use default value of "" if not required |
Startup | string | The ID of the plugin to show on first login |
Dashboard | string | TBC |
Menus | string | Menus which users in this role are permitted to access (comma delimited) |
Permissions | array | Plugin specific actions which users in this role are permitted to perform |
ServiceRequests | array | TBC |
Add Permissions for a New Role
To add permissions for a role in Keycloak, simply add a new role permission object to the Roles array:
    {
        "RoleId": "SampleUser",
        "RoleDescription": "Sample user role with basic permissions",
        "TransactRoleId": "ALL",
        "LegalEntity": "",
        "Startup": "",
        "Dashboard": "",
        "Menus": "Customers,Accounts",
        "Permissions": [
            "searchCustomers",
            "searchPayments",
            "searchProducts",
            "searchTransactions",
            "secureMessages",
            "viewServiceRequest",
            "viewAccountActivity",
            "viewExternalProducts",
            "viewPricing",
            "viewProductCatalog",
            "viewStandingOrders",
            "viewLoanServicing",
            "viewDepositServicing",
            "viewAccountServicing",
            "viewAccountDocuments"
        ],
        "ServiceRequests": [],
    }
Please ensure that your role has a unique name and that there is no existing permissions entry with the same RoleId value before adding a new permissions entry.
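A pre-deployment check for the uniqueness rule above and for the property types in the table, written as an added example (not Temenos code). The function name validateRoles and the sample data are assumptions, as is treating an empty entry in Menus as an error.

```javascript
// Added example: lint a PERMISSIONS object before deploying TA_permissions.js.
// Property names and types come from the table above; the sample data is constructed.
const STRING_PROPS = ["RoleId", "RoleDescription", "TransactRoleId",
                      "LegalEntity", "Startup", "Dashboard", "Menus"];
const ARRAY_PROPS = ["Permissions", "ServiceRequests"];

function validateRoles(permissions) {
  const errors = [];
  const roles = permissions && permissions.Roles;
  if (!Array.isArray(roles)) return ["PERMISSIONS.Roles must be an array"];
  const seen = new Set();
  roles.forEach((role, i) => {
    const label = `Roles[${i}]`;
    if (role === null || typeof role !== "object" || Array.isArray(role)) {
      errors.push(`${label}: entry must be an object`);
      return;
    }
    for (const p of STRING_PROPS)
      if (typeof role[p] !== "string") errors.push(`${label}: ${p} must be a string`);
    for (const p of ARRAY_PROPS) {
      if (!Array.isArray(role[p])) errors.push(`${label}: ${p} must be an array`);
      else if (role[p].some((v) => typeof v !== "string")) errors.push(`${label}: ${p} entries must be strings`);
    }
    if (typeof role.RoleId === "string") {
      if (role.RoleId === "") errors.push(`${label}: RoleId is empty`);
      else if (seen.has(role.RoleId)) errors.push(`${label}: duplicate RoleId "${role.RoleId}"`);
      seen.add(role.RoleId);
    }
    // Assumption: an empty entry in the comma-delimited Menus string is a mistake.
    if (typeof role.Menus === "string" && role.Menus !== "" &&
        role.Menus.split(",").some((m) => m.trim() === "")) {
      errors.push(`${label}: Menus contains an empty entry`);
    }
  });
  return errors;
}

// Constructed sample: a duplicate RoleId, a mistyped Permissions value, a trailing comma in Menus.
const SAMPLE = {
  Roles: [
    { RoleId: "SampleUser", RoleDescription: "Sample user role with basic permissions",
      TransactRoleId: "ALL", LegalEntity: "", Startup: "", Dashboard: "",
      Menus: "Customers,Accounts", Permissions: ["searchCustomers"], ServiceRequests: [] },
    { RoleId: "SampleUser", RoleDescription: "Copy of the entry above",
      TransactRoleId: "ALL", LegalEntity: "", Startup: "", Dashboard: "",
      Menus: "Customers,", Permissions: "viewPricing", ServiceRequests: [] },
  ],
};
console.log(validateRoles(SAMPLE).join("\n"));
```

An empty result means every entry has the documented shape and no RoleId is repeated.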
Menu Permissions
All menu permissions are applied automatically by the Temenos Explorer platform, and the logged-in user will only be able to see menu items applicable to their currently selected role.
Plugin Permissions
Plugin permissions will need to be handled within your own application business logic. To do this you will need to use the isPermissionGranted() method and data stores detailed in the role permissions reference guide.