Implementation Guide for Oracle Billing Insight > Customizing User Management >

Adding a New Permission Set

You can add new permissions in Oracle Billing Insight, creating a unique set of application resource privileges.

To add a new permission set

1. Open the azpolicy.xml file, located in the following directory:
   • UNIX. EDX_HOME/config/azcfg/policy
   • Windows. EDX_HOME\config\azcfg\policy
2. Add the new permission set authorization XML to the file, using the existing permission authorizations as a guide. Assign principal roles to grant access to those users.
3. Follow these steps to authorize access to application URLs:
   1. Open the security.xma.xml file, located in the following directory:
      • UNIX. EDX_HOME/xma/config/modules/security
      • Windows. EDX_HOME\xma\config\modules\security
   2. Add the new permission to the appropriate application URL mappings:
      • Self-Service application. Add the permission group to the AuthorizeMappingManager bean.
      • Assisted Service application. Add the permission group to the CSRAuthorizeMappingManager bean.

        The bean XML in the security.xma.xml file is shown here:

   <bean id="AuthorizeMappingManager" class="com.edocs.common.security.authorize.AuthorizeMappingManager" scope="singleton">
   <property name="URLmapping"><value>/usermanagement/CompanyProfile_browse.action.*|/contact/Contact_browseCCL.action.*|/contact/Contact_displayUploadCCL.action.*|/contact/Contact_uploadCCL.action.*=perm_CompanyGeneral
   ........
   </value></property> </bean>
   <bean id="CSRAuthorizeMappingManager" class="com.edocs.common.security.authorize.AuthorizeMappingManager" scope="singleton">
   <property name="URLmapping"><value>
   /CSR_login.jsp.*|/index.jsp.*|/validate.action.*|/csrLogin.action.*|/verifyEnrollment.action|/secQuestion.*.action|/ForgotPassword.action.*|/ResetPwd.*.action.*|/ResetPwdConfirm.*.action.*|/logout.action.*|/migratedCSRShow.action.*|/migratedCSRUser.*.action.*|/migratedUserShow.action.*|/migratedUserProfile.*.action.*|/resetExpPwdConfirm.*.action.*|/_assets/.*|/struts/.*|/accessDenied.action.*=IS_AUTHENTICATED_ANONYMOUSLY
   ........
   </value></property> </bean>

4. Follow these steps if you want to authorize a particular UI component:
   1. Surround the code or resources you want to authorize with a tag called <authz:authorize>. For example, the following code controls access to the Company Profile subtab:

   <authz:authorize ifAnyGranted="perm_CompanyGeneral">
   <li><a href="${ctx}/${usermanagement}/CompanyProfile_browse.action" title="<s:text name="global.mainNavTab1.subNav3"/>">
   <s:text name="global.mainNavTab1.subNav3"/></a></li></authz:authorize>

   2. Separate multiple permissions by commas in the ifAnyGranted attribute. If any of the permissions in the list are granted, then the body of the tag is written.

      The authz:authorize tag can have the following attributes:

      • ifAllGranted. All the listed permissions must be granted for the tag to output its body.
      • ifAnyGranted. Any of the listed permissions must be granted for the tag to output its body.
      • ifNotGranted. None of the listed permissions must be granted for the tag to output its body.
5. Invoke the com.edocs.common.api.security.authorize.IAceessManager authorization in the Java code, for example:

   IUser user = userSession.getUser();

   //get an AccessManager instance

   IAccessManager accessMgr =SecurityFactory.getAccessManager(user .getUserId());

   Map ctxParameters = new HashMap();

   Boolean prepay=userSession.getAttribute("PREPAY")!=null?(Boolean)userSession.getAttribute("PREPAY"):false;

   String[] values = {((Boolean)!prepay).toString()};

   ctxParameters.put("postPay",values);

   //do authorize by AZEngine

   boolean isAuthorized= isaccessMgr.checkAccess("perm_PostPay", ctxParameters);