Implementation Guide for Oracle Billing Insight > Customizing User Management >

Adding a New User Role

You can add a new user role to define and control user access to resources in the applications. For details about preconfigured user roles and permissions in Oracle Billing Insight, see About Resource Authorization.

To add a new user role for your organization

1. Add the new role to the OLTP.EDX_BSL_AUTH_SECROLE table. For the Type field, specify B2B, B2C, or CSR. Oracle Billing Insight does not use the other fields, which are optional.

   User roles in this table are displayed in the role drop-down list.

2. Map the new user role to a principal role, which serves as an alias for the user role:
   1. Open the azcfg.properties file, located in the following directory:
      • UNIX. EDX_HOME/config
      • Windows. EDX_HOME\config
   2. Add a com.edocs.common.security.rolemappers.secrole statement mapping the new principal role (alias) with the new user role, as shown in the following preconfigured statements in the file:

   com.edocs.common.security.rolemappers.secrole.ALL_USERS=Admin,User,PayerManager,Manager,Subscriber,CSR,CSRAdministrator
   com.edocs.common.security.rolemappers.secrole.ADMIN=Admin
   com.edocs.common.security.rolemappers.secrole.MANAGER=Manager
   com.edocs.common.security.rolemappers.secrole.PAYERMANAGER=PayerManager
   com.edocs.common.security.rolemappers.secrole.SUBSCRIBER=Subscriber
   com.edocs.common.security.rolemappers.secrole.CSR=CSR
   com.edocs.common.security.rolemappers.secrole.CSR_ADMIN=CSRAdministrator
   com.edocs.common.security.rolemappers.secrole.ALL_USERS_EXCLUDE_SUBSCRIBER=Admin,User,PayerManager,Manager,CSR,CSRAdministrator
   com.edocs.common.security.rolemappers.secrole.B2C=User
   com.edocs.common.security.rolemappers.secrole.CSRMERCHANT=Merchant

   3. To map the new user role to any of the existing principal roles (assigning it the same resource permissions assigned to the principal role in the azpolicy.xml file), add it to the end of that mapping statement, using a comma to separate it from the other user roles in the line.
3. Assign the newly defined principle role to one or more existing resource permission sets:
   1. Open the azpolicy.xml file, located in the following directory:
      • UNIX. EDX_HOME/config/azcfg/policy
      • Windows. EDX_HOME\config\azcfg\policy
   2. Add the new principal role (alias) to the list of values for each permission set that you'd like to grant the role, separated by a comma.

      The following example shows the perm_CompanyGeneral permission group, which controls access to the Company tab functionality:

   <permission>
   <name>perm_CompanyGeneral</name>
   <!-- Define the name of a resource.-->
   <cpath>com.edocs.common.security.authorize.az.permissions.EBillingPermission</cpath>
   <rule>
   <name>admin</name>
   <!--Defines the name of the rule -->
   <type>SecurityRole</type>|
   <!-- Type of the rule -->
   <values>ADMIN,MANAGER,PAYERMANAGER,CSR,CSR_ADMIN</values>
   <!-- The role(s) which can access this resource, comma separated. Note it can be an alias defined in azcfg.properties -->
   </rule>
   </permission>

4. Also in the azpolicy.xml file you can optionally set permissions based on context attributes. The permission is granted by a rule based on attribute value, for example:

   <permission>
   <name>perm_PostPay</name>
   <cpath>com.edocs.common.security.authorize.az.permissions.
   EBillingPermission</cpath>
   <rule>
   <name>PostPay</name>
   <type>ContextAttribute</type>
   <matchKey>postPay</matchKey>
   <values>true</values>
   </rule>
   </permission>

   The following requirements must be met:

   • The <type> must be ContextAttribute.
   • In <matchKey>, specify the parameter passed into the permission engine, azEngine.
   • Specify the granted parameter value in <values>.