Adapting Changes in Administration Roles

Below is the list of admin roles:

  • GLOBAL_ADMIN

  • ZONAL_ADMIN

  • REGISTRATION_ADMIN

  • MASTERDATA_ADMIN

  • KEY_MAKER

GLOBAL_ADMIN
ZONAL_ADMIN
REGISTRATION_ADMIN
MASTERDATA_ADMIN
KEY_MAKER

Centers

Centers

Packet Status

Devices

GenerateMasterKey

User Zone Mapping

Devices

Pause/ Resume RID

Machines

GenerateCSR

All Master Data

Machines

Retrieve Lost RID

All Master Data

GetCertificate

Masterdata Bulk Upload

User Zone Mapping

Packet Bulk Upload

Masterdata Bulk Upload

UploadCertificate

Packet Bulk Upload

User Center Mapping

UploadCertificate

GenerateCSR

UploadOtherDomainCertificate

GenerateCSR

All Master Data

Upload OtherDomainCertificate

Devices

GetCertificate

Masterdata Bulk Upload

Machines

UploadCertificate

GenerateCSR

Upload OtherDomainCertificate

UploadCertificate

Upload OtherDomainCertificate

Packet Bulk Upload

Here:

Green- colored represent persisted roles.

Blue- colored cells represent newly added roles.

Red- colored cells represent removed roles.

How to adjust the role accessibilities for existing users after upgrading to 1.2.0.1-x from 1.1.5.5-P1?

For a user having GLOBAL_ADMIN role:

  • If a GLOBAL_ADMIN user is performing Certificate related operations then KEY_MAKER role need to be added to that user.

  • If a GLOBAL_ADMIN user is performing Packet Bulk Upload then REGISTRATION_ADMIN role need to be added to that user.

For a user having ZONAL_ADMIN role:

  • If a ZONAL_ADMIN user is performing Certificate related operations then KEY_MAKER role need to be added to that user.

  • If a ZONAL_ADMIN user is performing Packet Bulk Upload then REGISTRATION_ADMIN role need to be added to that user.

For a user having REGISTRATION_ADMIN role:

  • If a REGISTRATION_ADMIN user is performing Certificate related operations then KEY_MAKER role need to be added to that user.

For a user having MASTERDATA_ADMIN role:

  • If a MASTERDATA_ADMIN user is performing GenerateCSR then KEY_MAKER role need to be added to that user.

  • If a MASTERDATA _ADMIN user is performing Packet Bulk Upload then REGISTRATION_ADMIN role need to be added to that user.

Note: A few new permissions were added to MASTERDATA_ADMIN and KEY_MAKER roles, please refer to the above role matrix table and if there is any inconsistency in the accessibility or roles of existing user, please reassign the roles to the user accordingly.

Last updated

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.