Each service has a set of permissions defined. When a service access another service, the user needs those permissions too. Each permission can come in the flavors READ, WRITE, and DELETE. If you give a user a permission in a service, you should give them all the permissions in the other services that one permission depends on. This page documents those permissions and their dependencies to make this easier:
Table of Contents maxLevel 2
provisioner
All provisioner endpoints are permissioned as system permissions. The provisioner provides no other permissions, and no service depends on provisioner permissions.
...
deposit-account-management
Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.
deposit__v1__definition
flavors: READ, WRITE, DELETE
deposit__V1__definition.READ
- accounting__v1__account.READ
- accounting__v1__ledger.READ
portfolio__v1_definitions.WRITE
- accounting__v1__account.READ
- accounting__v1__ledger.READ
- accounting__v1__journal.WRITE
deposit__v1__instance
flavors: READ, WRITE
deposit__v1__instance.READ
- accounting__v1__account.READ
deposit__v1__instance.WRITE
- accounting__v1__account.WRITE
- accounting__v1__ledger.READ
portfolio
Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.
...
flavors: READ, WRITE, DELETE
teller__v1__management.READ
- office__v1__offices.READ
- accounting_v1_account.READ
teller__v1__management.WRITE
- office__v1__offices.READ
- office__v1__offices.WRITE
- office__v1__employees.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
teller__v1__operation
flavors: READ, WRITE
reporting
Reporting does not depend on other services.
...
WRITE
teller__v1__operation.WRITE
- office__v1__employees.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
- deposit__v1__definition.READ
- deposit__v1__instance.READ
- deposit__v1__instance.WRITE
- cheques__v1__management.READ
- cheques__v1__transaction.WRITE
- portfolio__v1__case.READ
- portfolio__v1__case.WRITE
cheques
cheques__v1__management
flavors: READ, WRITE
cheques__v1_management.WRITE
- accounting__v1__journal.READ
- accounting__v1__journal.WRITE
cheques__v1_transaction
flavors: READ, WRITE
cheques__v1__transaction.READ
- office__v1__offices.READ
- accounting__v1__account.READ
- accounting__v1__journal.WRITE
payroll
payroll__v1__
...
configuration
flavors: READ, WRITE
...
WRITE, DELETE
payroll__v1__configuration.WRITE
- customer__v1__customer.READ
- account__v1__account.READ
payroll__v1__distribution
payroll__v1__distribution.WRITE
- customer__v1__customer.READ
- account
...
- __v1__
...
- account.READ
- accounting__v1_journal.WRITE
reporting
Reporting does not depend on other services.
reporting
...
__v1__general
flavors: READ, WRITE
instance";