Securing custom user role definitions

A role is an account definition that assigns a set of permissions to accomplish specific tasks that are associated with that role. When you create a custom role definition, you can associate it with an owning organization that specifies the domain in which the role has permissions to accomplish tasks.

Permissions define the actions that AS4 Microservice users and system resources can perform. If a role does not have permission to access a function, that function is not displayed in the user interface of the affected user. Access can be restricted by removing roles or by assigning restricted roles.

AS4 Microservice includes a default Master Account administrator and System Administration user profile that has permission to create objects, such as roles, and to access many system functions.

Each role defines the categories of permissions that the role uses to accomplish tasks and can be assigned permissions to access all or only one of the system resources.

For custom role definitions, the following permissions can be assigned for each system resource: read (view), create, update_from, update_to, delete, changepassword, disable, enable, deploy, associaterole, run, associateuser, or any combination of these.

You use each custom role with an owner organization to limit the number of users who can exchange their data. When the appropriate custom role permissions are granted, the owner organization's data is further secured. The data is only exchanged through the specified system resources and according to the granted permissions. Permissions are assigned with respect to a specific partner, known as the owner organization. Therefore, permissions can be assigned on a per-partner basis, and the role definition is enforced for that partner's domain.
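
The following is an added example, not part of the original page and not AS4 Microservice code. It models the per-resource permissions and owner-organization scoping described above so that role definitions can be audited before they are created. The Role layout, the resource names (exchange_profile, user, certificate), the organization names, and the set of permissions flagged for review are assumptions made for the illustration.

```python
# Added illustration: models the role semantics described on this page.
# Not AS4 Microservice code; the Role layout, resource names and
# organization names are constructed for the example.
from dataclasses import dataclass, field

# Permission names exactly as listed on this page.
PERMISSIONS = frozenset({
    "read", "create", "update_from", "update_to", "delete", "changepassword",
    "disable", "enable", "deploy", "associaterole", "run", "associateuser",
})
# Assumption: grants that change who holds access get flagged for review.
REVIEW = frozenset({"associaterole", "associateuser", "changepassword"})

@dataclass
class Role:
    name: str
    owner_org: str                              # domain where the role applies
    grants: dict = field(default_factory=dict)  # resource -> set of permissions

def audit(role):
    """Return findings for one role definition (empty list means clean)."""
    findings = []
    for resource, perms in sorted(role.grants.items()):
        unknown = sorted(set(perms) - PERMISSIONS)
        if unknown:  # catches misspelt or unsupported permission names
            findings.append(f"{role.name}/{resource}: unknown {unknown}")
        review = sorted(set(perms) & REVIEW)
        if review:
            findings.append(f"{role.name}/{resource}: review {review}")
    return findings

def is_allowed(roles, org, resource, permission):
    """Deny by default: only a role owned by `org` can grant the permission."""
    return any(r.owner_org == org and permission in r.grants.get(resource, ())
               for r in roles)

# Constructed sample: two partner-scoped roles and one with a bad name.
SAMPLE_ROLES = [
    Role("partnerA-operator", "PartnerA", {"exchange_profile": {"read", "run"}}),
    Role("partnerB-admin", "PartnerB",
         {"exchange_profile": {"read", "update_from", "update_to", "deploy"},
          "user": {"read", "associaterole"}}),
    Role("partnerA-typo", "PartnerA", {"certificate": {"read", "update"}}),
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        for finding in audit(role):
            print(finding)
    print(is_allowed(SAMPLE_ROLES, "PartnerA", "exchange_profile", "deploy"))
```

In this model, a permission granted by a role owned by PartnerB has no effect on requests made in PartnerA's domain, which mirrors the per-partner enforcement described above.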