Each service has a set of permissions defined. When a service access another service, the user needs those permissions too. Each permission can come in the flavors READ, WRITE, and DELETE. If you give a user a permission in a service, you should give them all the permissions in the other services that one permission depends on. This page documents those permissions and their dependencies to make this easier:
Table of Contents maxLevel 2
provisioner
All provisioner endpoints are permissioned as system permissions. The provisioner provides no other permissions, and no service depends on provisioner permissions.
...
Identity does not depend on other services.
identity__v1__users
flavors: READ, WRITE
...
deposit-account-management
Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.
deposit__v1__definition
flavors: READ, WRITE, DELETE
deposit__V1__definition.READ
- accounting__v1__account.READ
- accounting__v1__ledger.READ
portfolio__v1_definitions.WRITE
- accounting__v1__account.READ
- accounting__v1__ledger.READ
- accounting__v1__journal.WRITE
deposit__v1__instance
flavors: READ, WRITE
deposit__v1__instance.READ
- accounting__v1__account.READ
deposit__v1__instance.WRITE
- accounting__v1__account.WRITE
- accounting__v1__ledger.READ
portfolio
Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.
...
flavors: READ, WRITE, DELETE
teller__v1__management.READ
- office__v1__offices.READ
- accounting_v1_account.READ
teller__v1__management.WRITE
- office__v1__offices.READ
- office__v1__offices.WRITE
- office__v1__employees.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
teller__v1__operation
flavors: READ, WRITE
teller__v1__operation.WRITE
reporting
Reporting does not depend on other services.
...
- office__v1__employees.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
- deposit__v1__definition.READ
- deposit__v1__instance.READ
- deposit__v1__instance.WRITE
- cheques__v1__management.READ
- cheques__v1__transaction.WRITE
- portfolio__v1__case.READ
- portfolio__v1__case.WRITE
cheques
cheques__v1__management
flavors: READ, WRITE
cheques__v1_management.WRITE
- accounting__v1__journal.READ
- accounting__v1__journal.WRITE
cheques__v1_transaction
flavors: READ, WRITE
cheques__v1__transaction.READ
- office__v1__offices.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
payroll
payroll__v1__
...
configuration
flavors: READ, WRITE
...
WRITE, DELETE
payroll__v1__configuration.WRITE
- customer__v1__customer.READ
- account__v1__account.READ
payroll__v1__distribution
payroll__v1__distribution.WRITE
- customer__v1__customer.READ
- account
...
- __v1__
...
- account.READ
- accounting__v1_journal.WRITE
reporting
Reporting does not depend on other services.
reporting
...
__v1__general
flavors: READ, WRITE
instance";