System Roles in Authorization Service

You can manage the Authorization service through four system roles.

The following system roles provide different rights over the Authorization Service:

  • ROLE_ADMIN_CUSTOMER - This role provides full administrative control over operations on tenant data and over user access rights to those tenants, within a specified customer scope. It is intended for users who need to manage customers, who could be partners, PS, or customers.
  • ROLE_ADMIN_TENANT - This role provides administrative rights over operations on tenant data for the specified tenants.
  • ROLE_API - This role provides read access to tenant data and user profiles.
  • ROLE_USER - This role provides read access to tenant data.
  • ROLE_ADMIN_USER - This role provides administrative access to customer user management, along with read access to tenant data.

ROLE_ADMIN_CUSTOMER in Auth Service

The following image shows the available privileges on resources and sub-resources within the Authorization Service in the User Management application in Console for the ROLE_ADMIN_CUSTOMER role:

Permissions Matrix for the ROLE_ADMIN_CUSTOMER role

In the Permissions Framework, these same resources, sub-resources, and permissions would translate to the following information:

Table 1. ROLE_ADMIN_CUSTOMER - Details

Service.Resource.Sub-resource ID  Label            Allowed Privileges         Purpose
auth.globalRoles                  Reltio Roles     READ                       Managing the Global/System Roles
auth.reltioServices               Reltio Services  READ                       Viewing all Reltio services
auth.monitoring                   Monitoring       READ                       Viewing the Auth Audit log
auth.customer                     Customer         CREATE/READ/UPDATE/DELETE  Managing the Customer users, roles and tenants

ROLE_ADMIN_TENANT in Auth Service

The following image shows the available privileges on resources and sub-resources within the Authorization Service in the User Management application in Console for the ROLE_ADMIN_TENANT role:

Permissions Matrix for the ROLE_ADMIN_TENANT role

In the Permissions Framework, these same resources, sub-resources, and permissions would translate to the following information:

Table 2. ROLE_ADMIN_TENANT - Details

Service.Resource.Sub-resource ID  Label                            Allowed Privileges         Purpose
auth.globalRoles                  Reltio Roles                     READ                       Managing the Global/System Roles
auth.reltioServices               Reltio Services                  READ                       Viewing all Reltio services
auth.customer.user                Auth Service - Customer - Users  CREATE/READ/UPDATE/DELETE  All user-management-related APIs
auth.customer.SSO                 Customer SSO                     CREATE/READ/UPDATE/DELETE  Administration of externalProviderConfig, which enables SSO via the SAML/OIDC protocols

ROLE_API in Auth Service

The following image shows the available privileges on resources and sub-resources within the Authorization Service in the User Management application in Console for the ROLE_API role:

Permissions Matrix for the ROLE_API role

In the Permissions Framework, these same resources, sub-resources, and permissions would translate to the following information:

Table 3. ROLE_API - Details

Service.Resource.Sub-resource ID  Label          Allowed Privileges  Purpose
auth.customer.user.tenants        User Tenants   READ                Read tenant-related data
auth.customer.user.profile        User Profile   READ                Read profile-related data

ROLE_USER in Auth Service

The following image shows the available privileges on resources and sub-resources within the Authorization Service in the User Management application in Console for the ROLE_USER role:

Permissions Matrix for the ROLE_USER role

In the Permissions Framework, these same resources, sub-resources, and permissions would translate to the following information:

Table 4. ROLE_USER - Details

Service.Resource.Sub-resource ID  Label          Allowed Privileges  Purpose
auth.customer.user.tenants        User Tenants   READ                Read tenant-related data
auth.customer.user.profile        User Profile   READ                Read profile-related data

ROLE_ADMIN_USER in Auth Service

The following image shows the available privileges on resources and sub-resources within the Authorization Service in the User Management application in Console for the ROLE_ADMIN_USER role:

Permissions Matrix for the ROLE_ADMIN_USER role

In the Permissions Framework, these same resources, sub-resources, and permissions would translate to the following information:

Table 5. ROLE_ADMIN_USER - Details

Service.Resource.Sub-resource ID  Label            Allowed Privileges         Purpose
auth.reltioRoles                  Reltio Roles     READ                       Read access to all the Reltio System roles
auth.reltioServices               Reltio Services  READ                       Viewing all Reltio services
auth.monitoring                   Monitoring       READ                       Viewing the Auth Audit log
auth.customer.user                Users            CREATE/READ/UPDATE/DELETE  User Management APIs
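As an added example, not part of the Reltio documentation or product code, the five tables above encoded as a permission map, with a privilege check and a least-privilege role picker built on it. The check assumes that a grant on a resource such as auth.customer also covers its sub-resources (auth.customer.user and below); the page does not state this, so treat it as an assumption to confirm against your own Permissions Framework behaviour.

```python
CRUD = {"CREATE", "READ", "UPDATE", "DELETE"}
R = {"READ"}

# Tables 1-5 from this page, keyed by role, then by Service.Resource.Sub-resource ID.
ROLE_PERMISSIONS = {
    "ROLE_ADMIN_CUSTOMER": {"auth.globalRoles": R, "auth.reltioServices": R,
                            "auth.monitoring": R, "auth.customer": CRUD},
    "ROLE_ADMIN_TENANT": {"auth.globalRoles": R, "auth.reltioServices": R,
                          "auth.customer.user": CRUD, "auth.customer.SSO": CRUD},
    "ROLE_API": {"auth.customer.user.tenants": R, "auth.customer.user.profile": R},
    "ROLE_USER": {"auth.customer.user.tenants": R, "auth.customer.user.profile": R},
    "ROLE_ADMIN_USER": {"auth.reltioRoles": R, "auth.reltioServices": R,
                        "auth.monitoring": R, "auth.customer.user": CRUD},
}


def is_allowed(role, resource_id, privilege):
    """True if `role` grants `privilege` on `resource_id` or on one of its
    parents. Assumption (not stated on the page): a grant on auth.customer
    also covers auth.customer.user, auth.customer.user.profile, and so on."""
    grants = ROLE_PERMISSIONS.get(role, {})
    parts = resource_id.split(".")
    # Walk from the full ID up towards the service root: a.b.c, a.b, a
    for depth in range(len(parts), 0, -1):
        if privilege in grants.get(".".join(parts[:depth]), set()):
            return True
    return False


def least_privileged_roles(required):
    """Roles that satisfy every (resource_id, privilege) pair in `required`,
    keeping only those with the fewest granted privileges overall (a simple
    least-privilege heuristic for choosing a system role for an account)."""
    fitting = [r for r in ROLE_PERMISSIONS
               if all(is_allowed(r, res, priv) for res, priv in required)]
    if not fitting:
        return []
    weight = {r: sum(len(p) for p in ROLE_PERMISSIONS[r].values()) for r in fitting}
    lightest = min(weight.values())
    return sorted(r for r in fitting if weight[r] == lightest)
```

Run against these tables, the picker returns both ROLE_API and ROLE_USER for read-only profile access, because Tables 3 and 4 grant identical privileges; ROLE_ADMIN_TENANT is the only role that reaches auth.customer.SSO directly.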