WebSDK: Create custom permission / role for custom Angular Application

What product/components do you use and which version/fix level are you on?

Backend: 1011.0.17
UI: 1011.0.17

Is your question related to the free trial, or to a production (customer) instance?

Production

What are you trying to achieve? Please describe it in detail.

In my custom angular application, I am using the WebSDK UserService to determine what roles a user has. (i.e. userService.currentWithEffectiveRoles())
I want to have a role like ROLE_CUSTOMAPP_FULL for custom business logic. But it doesn’t seem like you can create custom permissions.

For example some users should be able to access parts of the application where some shouldn’t. Right now, the best I could come up with is using User Groups and checking if a User is in a certain group. Is there a way to create custom roles/permissions.

You need to define custom roles in your cumulocity.json like this:

	"roles": [
		"ROLE_CUSTOMAPP",
		"ROLE_CUSTOMAPP_FULL",
		"ROLE_CUSTOMAPP_READ"
	],

Then you can use the com.cumulocity.microservice.security.service.RoleService to check if the user has the appropriate role assigned:

roleService.getUserRoles().contains("ROLE_CUSTOMAPP_FULL");

HTH

Hi Harrison,

as of right now, the UI is not able to provide any custom permissions. This functionality is only available for microservices.
You can create dummy microservice to provide these roles. This shouldn’t generate any costs for you, as there is actually no microservice running, you will just create an application of type MICROSERVICE. But this will still require the Feature-microservice-hosting subscribed to your tenant.

You can create the dummy microservice by performing a POST to /application/applications, with the following body:

{
  "contextPath": "myapplication",
  "key": "my-application-key",
  "name": "my-application",
  "type": "MICROSERVICE",
  "description": "Dummy microservice to provide custom permissions.",
  "roles": [
      "ROLE_CUSTOMAPP_READ",
      "ROLE_CUSTOMAPP_ADMIN",
      "ROLE_CUSTOMAPP_CREATE",
      "ROLE_CUSTOMAPP_UPDATE"
  ]
}

You can adjust the fields above to your needs.
Once created you should see these additional permissions:

Regards,
Tristan