3.5.1 Specify the Admin Role in the YAML File

Create and assign the administrator role to users in your identity provider. After creating the admin role, update the YAML file with the name of the admin role.

Administrators can use the MicroTx console and MicroTx REST APIs to view and manage all transactions. Other users can manage and view only the distributed transactions that they have initiated; they cannot view the transactions initiated by other users.
  1. Create an administrator role in your identity provider.

    Note down the name of the role. You will need to provide this as the value of the tmmConfiguration.identityProvider.adminUserRoles property in the values.yaml file.

  2. Assign the administrator role to users.
    For information about creating an administrator role and assigning it to a user, refer to your identity provider documentation.
  3. Note down the path to the administrator role from the JWT access token. You will provide this value for the adminUserRolesPath property in the values.yaml file.
    • The following sample shows where roles appear in a JWT access token from Oracle IDCS. In Oracle IDCS tokens, the roles are listed under userAppRoles, so the value of the adminUserRolesPath property in the values.yaml file is userAppRoles.

      "userAppRoles": [
        "Identity Domain Administrator"
      ]
    • The following sample shows where roles appear in an access token from Keycloak. Based on this sample, the value of the adminUserRolesPath property in the values.yaml file is realm_access, roles.

      # Admin role path in the JWT token from root.
      # Ex: For Keycloak payload, roles are present under realm_access
      # {
      #   "realm_access": {
      #     "roles": [
      #       "admin"
      #     ]
      #   }
      # }
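
To confirm the path before putting it in values.yaml, the added example below (not part of the MicroTx documentation or product code) decodes an access token's payload and resolves a comma-separated role path against it. It assumes the path is a sequence of keys from the payload root; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def jwt_payload(token):
    """Decode a compact JWT's payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def roles_at(payload, roles_path):
    """Walk a comma-separated key path from the payload root.
    Assumption: 'realm_access, roles' means payload['realm_access']['roles']."""
    node = payload
    for key in (k.strip() for k in roles_path.split(",")):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"path segment {key!r} not found in token payload")
        node = node[key]
    if not isinstance(node, list):
        raise TypeError("role path does not end at a list of roles")
    return node


def has_admin_role(token, roles_path, admin_roles):
    """True if a role at roles_path exactly matches a configured admin role name."""
    return any(r in admin_roles for r in roles_at(jwt_payload(token), roles_path))


def constructed_token(payload):
    """Build a sample token with a placeholder signature (constructed test data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(payload)}.placeholder-signature"


# Constructed payloads mirroring the two samples above.
IDCS_TOKEN = constructed_token({"sub": "alice", "userAppRoles": ["Identity Domain Administrator"]})
KEYCLOAK_TOKEN = constructed_token({"sub": "bob", "realm_access": {"roles": ["admin"]}})

if __name__ == "__main__":
    for tok, path, admins in [(IDCS_TOKEN, "userAppRoles", ["Identity Domain Administrator"]),
                              (KEYCLOAK_TOKEN, "realm_access, roles", ["admin"])]:
        print(path, "->", roles_at(jwt_payload(tok), path), has_admin_role(tok, path, admins))
```

A KeyError from roles_at means the path does not match the token your identity provider actually issues, which is worth catching before deployment.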