Using the same partner admin credentials, follow the steps below so that the user can be configured with the POLICYMANAGER role too.
Steps to configure the POLICYMANAGER role in Keycloak:
Go to Keycloak and search for your 'User-Name' in the Users tab.
Go to the Role Mapping tab.
In the Available Roles section, select 'Policy Manager' and click Add to move the selected role to the Assigned Roles list.
Log in to the PMS portal with the same user credentials. You should now have access to the Admin Dashboard with the 'Policies' card accessible for use.
Note:
Both the PARTNER_ADMIN and POLICYMANAGER roles are necessary for the Policies card to appear on the Admin dashboard UI.
Therefore, add the Policy Manager role when you want the 'Policies' card to be enabled for you as well, which also makes you a 'Policy Manager'.
If only the PARTNER_ADMIN role had been configured, only the following cards would have been displayed:
This card is accessible for roles Partner Admin and Policy Manager.
In the UI, both the PARTNER_ADMIN and POLICYMANAGER roles should be granted for the card to appear in the dashboard.
For a user who is both partner admin and policy manager, creation and management of Policy Group, Authentication Policy and Datashare Policy are enabled within the Policies card.
Note:
If only the 'Policy Manager' role is configured in Keycloak, the user will still be able to access the portal as a normal partner. Hence both the 'Partner Admin' and 'Policy Manager' roles are necessary to access all the cards/privileges above.
Important:
After configuring the roles, if you are still logged in to the PMS portal, make sure to log out and log in again for the roles to get updated.
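To check whether a session is still running on a token issued before the role change, the roles carried in the access token can be inspected. The sketch below is an added example, not MOSIP or PMS code. It assumes the roles are Keycloak realm roles carried in the token's `realm_access.roles` claim, and the sample tokens are constructed.

```python
import base64
import json

# Role names as written on this page. The claim layout is an assumption
# (Keycloak's default realm-role claim), not taken from the PMS code base.
REQUIRED_FOR_POLICIES = {"PARTNER_ADMIN", "POLICYMANAGER"}

def jwt_claims(token):
    """Decode the payload of a JWT WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_policy_roles(token):
    """Roles still missing from the token for the 'Policies' card to show."""
    roles = set(jwt_claims(token).get("realm_access", {}).get("roles", []))
    return REQUIRED_FOR_POLICIES - roles

def make_sample_token(roles):
    """Build a constructed sample token with a placeholder signature."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"preferred_username": "sample-user", "realm_access": {"roles": roles}}
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(claims), "placeholder"])

if __name__ == "__main__":
    # Token issued before the role was added vs. after logging in again.
    stale = make_sample_token(["PARTNER_ADMIN"])
    fresh = make_sample_token(["PARTNER_ADMIN", "POLICYMANAGER"])
    for name, tok in (("stale", stale), ("fresh", fresh)):
        missing = missing_policy_roles(tok)
        print(name, "-> missing:", sorted(missing) or "none")
```

The decode step skips signature verification on purpose, so it is suitable for troubleshooting a role mapping and not for making authorization decisions.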
You can use the 'Policies' card to create and manage Policy Group, Authentication Policy and Datashare Policy (you should have the privileges of both Partner Admin and Policy Manager).
The 'Policies' section is accessible to you only if both the Partner Admin and Policy Manager roles are allocated to you, in which case the 'Policies' card also appears enabled on the dashboard.
Policy Group (this tab is selected by default),
Authentication Policy,
Datashare Policy
Policy Group
The Policy Group tab allows you to do the following:
View Policy Group
List view
Details View
Create Policy Group
Deactivate Policy Group
Authentication Policy
View Authentication Policy
List view
Details View
Create Authentication Policy (by mapping to an already created Policy Group)
Deactivate Authentication Policy
Clone Authentication Policy
Edit Authentication Policy (Which is in draft status)
Publish Authentication Policy (Which is in draft status so that the status changes to 'Activated')
Datashare Policy
View Datashare Policy:
List view
Details view
Create Datashare Policy
Deactivate Datashare Policy
Clone Datashare Policy
Edit Datashare Policy (Which is in draft status)
Publish Datashare Policy (Which is in draft status so that the status changes to 'Activated')
List View - Policy Groups
All the policy groups created so far by Partner Admin / Policy Manager are displayed on 'List of Policy Groups' page.
Details View - Policy Group
The admin can either click on 'Go Back' to return to the 'List of Policy Groups' page as shown below or click on 'Home' to navigate back to the Home page / dashboard.
The options provided in the Action menu are: View, Deactivate.
On clicking View in the action menu, or on clicking the row item itself, the admin is navigated to the View Policy Group page, where the policy group details are displayed along with its status: Activated or Deactivated.
Create Policy Group
On clicking the 'Create Policy Group' option on the top right of the screen, we can create a Policy Group by providing a suitable name and description that are self-explanatory for partners, who would be selecting them during Partner Policy Request to create API Key / OIDC Client etc.
On click of Submit, a success message appears.
Deactivate Policy Group
If the admin wants to deactivate the Policy Group, click on the Deactivate option in the action menu.
A popup window appears seeking confirmation before proceeding to deactivate.
After confirming deactivation, the respective record is greyed out in the tabular view.
The action menu here should be enabled with only the View option (Deactivate in the action menu is disabled).
After deactivation, the View policy group page (MOSIP-36963) will display 'Deactivated' status.
Once the policy group is deactivated by Policy Manager, the partner will not be able to fetch this policy group in any of the screens in their PMS portal.
Note:
A Policy Group cannot be deactivated if there are active or draft policies associated with the given policy group.
If the Policy Group has an active or draft policy / policies associated with it, then on clicking Confirm, the following error message is displayed along with the count of such policies:
a) In case of Active and Draft policies associated to Policy Group:
b) In case of Active policies associated to Policy Group:
c) In case of Draft policies associated to policy group:
On clicking the Authentication Policy tab, the list of all previously created Authentication Policies is displayed.
On clicking the Datashare Policy tab, the list of all previously created Datashare Policies is displayed.
Note:
The steps and features are the same for both Authentication and Datashare Policy.
Policies can have the following statuses: Draft, Activated or Deactivated.
Only Draft or Activated row items are clickable, which navigates to View Authentication Policy details.
Action - The action menu displays common menu items (View, Clone, Deactivate), with only the following menu items enabled for clicking based on the statuses below:
Draft: Publish, View, Edit
Activated: View, Clone, Deactivate
Deactivated: View
Create Authentication Policy
On clicking the 'Create Authentication Policy' button, the Partner Admin / Policy Manager is navigated to the Create Authentication Policy page, where details such as policy group, policy name, description etc. have to be entered.
Note:
Only active policy groups are available in the policy group dropdown.
Click on the upload button to upload policy data. Only JSON files are allowed for upload.
Before saving the policy as a draft, the policy data can be edited in the text area once the policy data JSON file has been successfully uploaded.
On clicking Save as Draft, the following success message appears.
On clicking 'Go Back', the admin is navigated back to the List view, where the policy is saved in 'draft' status.
The Edit option provided to Draft policy can be used by admin to make any changes in the policy details (except policy group) before publishing the policy.
On submitting after making required changes, a success message appears.
To publish a policy which is currently in draft status, click on the 'publish' option in the action menu. A popup window appears seeking confirmation to publish.
On clicking Publish, a success message appears. Click on Close to close the window.
The given policy changes to 'Activated' status after being published. Once activated, the admin cannot edit the policy, hence the Edit option is disabled.
Clone Policy
To clone any active policy onto another policy group, click on 'clone' in action menu. A popup window appears to select the policy group where the policy has to be cloned.
On selecting the policy group where policy has to be cloned, click on Clone and a success message appears.
Click on Close to navigate back to List of Authentication Policies screen.
Deactivate Policy
To deactivate a policy, click on Deactivate option in action menu of any activated policy record. A popup window appears seeking for confirmation.
Note:
If the Policy has active partners associated with it, i.e. there are Approved partner policy requests, then on clicking Confirm, the following error message is displayed and the admin will be prevented from deactivating such policy groups.
Note:
Policy can be deactivated if there are no policy requests associated with this policy.
Policy can be deactivated if there are Rejected policy requests associated with this policy.
Policy cannot be deactivated if there are pending policy requests associated with this policy. In this case, the following error message is displayed: '<title> Error: Partner - Policy Request Detected! <Description> Pending policy requests are associated with this policy. Please take appropriate action in List of Partner Policy Linking screen'.
Once the policy is deactivated by partner admin/policy manager, the partner will not be able to fetch this policy in any of the screens in their PMS portal.
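The status-dependent action menu and the deactivation restrictions described above for policies and policy groups can be written down as explicit checks, for example to test that the server side enforces what the UI greys out. This is an added example, not PMS code. The function names are hypothetical, the inputs are constructed, and treating 'Deactivated' requests as non-blocking is an assumption because the page does not cover that case.

```python
# Rules transcribed from this page. Names are hypothetical.
ENABLED_ACTIONS = {
    "Draft": {"Publish", "View", "Edit"},
    "Activated": {"View", "Clone", "Deactivate"},
    "Deactivated": {"View"},
}

def can_deactivate_policy(status, request_statuses):
    """request_statuses: statuses of partner policy requests linked to the policy."""
    if "Deactivate" not in ENABLED_ACTIONS[status]:
        return False, f"Deactivate is not enabled for a {status} policy"
    if "Approved" in request_statuses:
        return False, "active partners are associated with this policy"
    if "Pending for Approval" in request_statuses:
        return False, "pending policy requests are associated with this policy"
    # No requests, or only Rejected ones. 'Deactivated' requests are not
    # covered by the page and are treated as non-blocking (assumption).
    return True, "ok"

def can_deactivate_policy_group(policy_statuses):
    """policy_statuses: statuses of the policies that belong to the group."""
    counts = {
        "active": policy_statuses.count("Activated"),
        "draft": policy_statuses.count("Draft"),
    }
    # Any active or draft policy blocks deactivation; the counts mirror the
    # numbers shown in the error message.
    return (counts["active"] == 0 and counts["draft"] == 0), counts

if __name__ == "__main__":
    # Constructed sample inputs.
    print(can_deactivate_policy("Activated", ["Rejected"]))
    print(can_deactivate_policy("Activated", ["Rejected", "Pending for Approval"]))
    print(can_deactivate_policy("Draft", []))
    print(can_deactivate_policy_group(["Activated", "Draft", "Deactivated"]))
    print(can_deactivate_policy_group(["Deactivated"]))
```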
Viewing Policy
On clicking the View option of any policy, or on clicking the row item itself, the admin is navigated to View Authentication Policy, where policy details can be viewed. Click on Preview to view the policy data in JSON format.
On clicking Preview, policy data can be viewed in JSON format, and an option to download the data to the local system is provided.
The features provided to Partner Admin:
Approve / Reject Policy requested by partner - by clicking on the 'Approve / Reject' option in the action menu of a policy record whose status is 'Pending for Approval'
Tabular view of Policies requested by partners along with the status
View individual policy request details: either on clicking the View option in the action menu of any active policy request in the tabular view, or on clicking the row item itself, the admin is navigated to the View Policy Request details page.
All the policy requests created by various partners are displayed in 'List of Partner - Partner Linkages'. The different statuses possible are: Pending for Approval, Approved, Rejected, Deactivated.
The options provided for policy linking requests in 'Pending for Approval' are Approve / Reject. An option to view the policy request details is also provided.
On clicking the Approve / Reject option, a window appears and the partner admin can click on either Approve or Reject to take the appropriate action.
The status (Approved / Rejected) gets updated in the tabular view.
On clicking View on an active record or on the row item itself, the partner - policy linking view page is displayed along with the comment history, where the partner's comments and the admin's approval status are displayed.