Role Permissions
getPermissions()
This method will update the data stores which hold the user role and permission data, loading permissions configuration from the file TA_Permissions.js.
This method is invoked as part of the post-login process so there is no requirement to invoke this from your plugin.
Access
- The method is globally defined in
TA_script.js - The method is globally available via the proxy window object
top["getPermissions"]
Parameters
| Parameter | Type | Description |
|---|---|---|
role | string | A single role or comma delimited list of roles |
Return Value
None
Data Stores
The following data stores are updated by this method:
top["role"]top["roledesc"]top["transactrole"]top["legalentity"]top["startupPage"]top["dashboard"]top["permissions"]
getXACMLPolicy()
This method will update the data stores which hold the user role and permission data, loading permissions configuration from a generic config microservice.
This method is invoked as part of the post-login process so there is no requirement to invoke this from your application.
This method is currently a placeholder as this functionality has not yet been implemented.
Access
- The method is globally defined in
TA_script.js - The method is globally available via the proxy window object
top["getPermissions"]
Parameters
| Parameter | Type | Description |
|---|---|---|
role | string | A single role or comma delimited list of roles |
Return Value
None
Data Stores
The following data stores are updated by this method:
top["role"]top["roledesc"]top["transactrole"]top["legalentity"]top["startupPage"]top["dashboard"]top["permissions"]
isPermissionGranted()
This method checks if the logged in user has permission to perform the specified action for their currently selected role.
Access
- The method is globally defined in
TA_script.js - The method is globally available via the proxy window object
top["isPermissionGranted"]
Parameters
| Parameter | Type | Description |
|---|---|---|
action | string | The ID of the action to check if the user has permission to perform |
Return Value
| Type | Description |
|---|---|
| boolean | true If the user has permission to perform the action, false if not |
getRoleNames()
This method matches the roles from Keycloak with the roles defined in TA_permissions.js to identify common and valid roles for the logged in user. If there is a role in Keycloak which does not have a matching entry in TA_permissions.js then this role will be ignored and will not be available to the user for selection.
This method is invoked as part of the post-login process so there is no requirement to invoke this from your application.
Access
- The method is globally defined in
TA_script.js - The method is globally available via the proxy window object
top["getRoleNames"]
Parameters
None
Return Value
None
Data Stores
The following data stores are updated by this method:
top["roles"]top["rolenames"]top["applicablerole"]
Planned Changes
Currently permissions configuration is hardcoded in the file TA_permissions.js. Whilst this is adequate for development and testing, this is not ideal for production.
In future permissions configuration will be provided through a generic config microservice using XACML policies and a PAP user interface to manage these. Permissions configuration will remain in the same format within Temenos Explorer and therefore the isPermissionGranted() method will continue to function unchanged.