Fineract CN service permission dependencies

Each service has a set of permissions defined. When a service access another service, the user needs those permissions too. Each permission can come in the flavors READ, WRITE, and DELETE. If you give a user a permission in a service, you should give them all the permissions in the other services that one permission depends on. This page documents those permissions and their dependencies to make this easier:

provisioner

All provisioner endpoints are permissioned as system permissions. The provisioner provides no other permissions, and no service depends on provisioner permissions.

identity

Identity does not depend on other services.

identityv1users

flavors: READ, WRITE

identityv1roles

flavors: READ, WRITE, DELETE

identityv1self

A user's ability to change their own password, and to permit services to act on their behalf. This permission cannot be withdrawn.

flavors: READ, WRITE, DELETE

identityv1app_self

A service's ability to request permissions to other services

flavors: READ, WRITE

rhythm

All rhythm endpoints have system permissions. Creating a beat for a tenant requires the identity__v1__app_self permission.

accounting

Accounting does not depend on other services.

accountingv1ledger

flavors: READ, WRITE, DELETE

accountingv1account

flavors: READ, WRITE, DELETE

accountingv1journal

flavors: READ, WRITE

accountingv1tx_types

flavors: READ, WRITE

accountingv1income_stmt

flavors: READ

accountingv1fin_condition

flavors: READ

office

The office service relies on the user ids from identity, but does not access any other services. Office is not dependent on any other permissions.

officev1offices

flavors: READ, WRITE, DELETE

officev1employees

flavors: READ, WRITE, DELETE

officev1self

The ability for an employee to edit their own details including contact details.

flavors: READ, WRITE, DELETE

customer

The customer service is not dependent on any other services.

customerv1customer

flavors: READ, WRITE

customerv1portrait

flavors: READ, WRITE, DELETE

customerv1identifications

flavors: READ, WRITE, DELETE

customerv1task

flavors: READ, WRITE

catalogv1catalog

The ability to add custom properties for customers.

flavors: READ, WRITE, DELETE

group

Permission modeling of the group service is incomplete.

deposit-account-management

Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.

depositv1definition

flavors: READ, WRITE, DELETE

deposit__V1__definition.READ

accounting__v1__account.READ
accounting__v1__ledger.READ

portfolio__v1_definitions.WRITE

accounting__v1__account.READ
accounting__v1__ledger.READ
accounting__v1__journal.WRITE

depositv1instance

flavors: READ, WRITE

deposit__v1__instance.READ

accounting__v1__account.READ

deposit__v1__instance.WRITE

accounting__v1__account.WRITE
accounting__v1__ledger.READ

portfolio

Depends on the services rhythm, accounting, and customer. The dependency to rhythm has no influence on configurable permissions.

portfoliov1products__enable

flavors: READ, WRITE

portfolio__v1__products__enable.WRITE requires

accounting__v1__account.READ
accounting__v1__ledger.READ

portfolio__v1__products__enable.READ requires

accounting__v1__account.READ
accounting__v1__ledger.READ

portfolio__v1__products__lossprv

flavors: READ, WRITE

portfoliov1products

flavors: READ, WRITE, DELETE

portfoliov1case

flavors: READ, WRITE

portfolio__v1__case.WRITE dependent on:

customer__v1__customer.READ
accounting__v1__journal.WRITE
accounting__v1__ledger.WRITE
accounting__v1__ledger.READ

teller

tellerv1management

flavors: READ, WRITE, DELETE

teller__v1__management.READ

office__v1__offices.READ
accounting_v1_account.READ

teller__v1__management.WRITE

office__v1__offices.READ
office__v1__offices.WRITE
office__v1__employees.READ
accounting__v1__account.READ
accounting__v1__journal.WRITE

tellerv1operation

flavors: READ, WRITE

reporting

Reporting does not depend on other services.

reportingv1general

flavors: READ, WRITE

Page tree

Fineract CN service permission dependencies

provisioner

identity

identity__v1__users

identity__v1__roles

identity__v1__self

identity__v1__app_self

rhythm

accounting

accounting__v1__ledger

accounting__v1__account

accounting__v1__journal

accounting__v1__tx_types

accounting__v1__income_stmt

accounting__v1__fin_condition

office

office__v1__offices

office__v1__employees

office__v1__self

customer

customer__v1__customer

customer__v1__portrait

customer__v1__identifications

customer__v1__task

catalog__v1__catalog

group

deposit-account-management

deposit__v1__definition

deposit__v1__instance

portfolio

portfolio__v1__products__enable

portfolio__v1__products

portfolio__v1__case

teller

teller__v1__management

teller__v1__operation

reporting

reporting__v1__general

identityv1users

identityv1roles

identityv1self

identityv1app_self

accountingv1ledger

accountingv1account

accountingv1journal

accountingv1tx_types

accountingv1income_stmt

accountingv1fin_condition

officev1offices

officev1employees

officev1self

customerv1customer

customerv1portrait

customerv1identifications

customerv1task

catalogv1catalog

depositv1definition

depositv1instance

portfoliov1products__enable

portfoliov1products

portfoliov1case

tellerv1management

tellerv1operation

reportingv1general