WebSDK: Create custom permission / role for custom Angular Application

Harrison_Pace · November 23, 2022, 7:37am

What product/components do you use and which version/fix level are you on?

Backend: 1011.0.17
UI: 1011.0.17

Is your question related to the free trial, or to a production (customer) instance?

Production

What are you trying to achieve? Please describe it in detail.

In my custom angular application, I am using the WebSDK UserService to determine what roles a user has. (i.e. userService.currentWithEffectiveRoles())
I want to have a role like ROLE_CUSTOMAPP_FULL for custom business logic. But it doesn’t seem like you can create custom permissions.

For example some users should be able to access parts of the application where some shouldn’t. Right now, the best I could come up with is using User Groups and checking if a User is in a certain group. Is there a way to create custom roles/permissions.

Michael_Voigt2 · November 23, 2022, 8:10am

You need to define custom roles in your cumulocity.json like this:

	"roles": [
		"ROLE_CUSTOMAPP",
		"ROLE_CUSTOMAPP_FULL",
		"ROLE_CUSTOMAPP_READ"
	],

Then you can use the com.cumulocity.microservice.security.service.RoleService to check if the user has the appropriate role assigned:

roleService.getUserRoles().contains("ROLE_CUSTOMAPP_FULL");

HTH

Tristan_Bastian · November 23, 2022, 9:46am

Hi Harrison,

as of right now, the UI is not able to provide any custom permissions. This functionality is only available for microservices.
You can create dummy microservice to provide these roles. This shouldn’t generate any costs for you, as there is actually no microservice running, you will just create an application of type MICROSERVICE. But this will still require the Feature-microservice-hosting subscribed to your tenant.

You can create the dummy microservice by performing a POST to /application/applications, with the following body:

{
  "contextPath": "myapplication",
  "key": "my-application-key",
  "name": "my-application",
  "type": "MICROSERVICE",
  "description": "Dummy microservice to provide custom permissions.",
  "roles": [
      "ROLE_CUSTOMAPP_READ",
      "ROLE_CUSTOMAPP_ADMIN",
      "ROLE_CUSTOMAPP_CREATE",
      "ROLE_CUSTOMAPP_UPDATE"
  ]
}

You can adjust the fields above to your needs.
Once created you should see these additional permissions:

Regards,
Tristan

system · May 22, 2023, 9:47am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to access custom global role in service Cumulocity-IoT , IoT	8	463	June 24, 2024
How to delete a custom permission/role created through microservice Cumulocity-IoT , IoT	4	216	July 1, 2024
Application Permission Issue Cumulocity-IoT , IoT , IoT-Platform	2	498	July 29, 2023
Deleting Custom Permissions on a tenant Cumulocity-IoT , IoT	3	293	May 20, 2023
User Permission to Run c8ycli deploy Cumulocity-IoT , IoT , c8y , CLI	4	28	September 10, 2024

WebSDK: Create custom permission / role for custom Angular Application

What product/components do you use and which version/fix level are you on?

Is your question related to the free trial, or to a production (customer) instance?

What are you trying to achieve? Please describe it in detail.

Related topics