4.2.5.3 Role Mapping for MicroTx Workflows

Under commonConfiguration.security.identityProvider.roleMappings.workflow, map MicroTx Workflows role-based access control (RBAC) roles to corresponding identity provider realm roles.

MicroTx Workflows manages a set of internal roles to control access to system capabilities and resources. These roles govern what users and service accounts can see and do within the system, based on the assigned responsibilities. The following table provides details about the internal roles defined in the product under roles.
Property               Description
---------------------  ------------------------------------------------------------
claimsRolePaths        Dot-separated path in the JWT token to extract realm roles. For example, realm_access.roles for Keycloak.
roles.superAdmin       Super user with all control capabilities across all logical groups.
roles.admin            Full access to all resources and administrative functions within the logical group.
roles.user             Capability to view or initiate the workflow and task definitions.
roles.readOnlyUser     View-only access to workflow or task definitions and instances.
roles.metadataManager  Access to workflow or task definition creation, update, deletion, and workflow initiation.
roles.worker           Service credential for polling and updating tasks.

Sample Code

The following code snippet provides sample values for the roleMappings field in the values.yaml file.

roleMappings:
  workflow:
    claimsRolePaths: "realm_access.roles"
    roles:
      superAdmin: "microtx-conductor-super-admin"
      admin: "microtx-conductor-admin"
      user: "microtx-conductor-user"
      readOnlyUser: "microtx-conductor-read-only-user"
      metadataManager: "microtx-conductor-metadata-manager"
      worker: "microtx-conductor-worker"
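
To check which internal roles a given access token would resolve to under the sample mapping above, the following added example (not code from the product or its documentation) walks the claimsRolePaths value through the decoded JWT payload and matches the realm roles against the mapping. It assumes claimsRolePaths holds a single dot-separated path; the helper names and the sample token are constructed for illustration, and the script only inspects claims without verifying the token signature.

```python
import base64
import json

# Values copied from the sample roleMappings.workflow block on this page.
CLAIMS_ROLE_PATH = "realm_access.roles"
ROLE_MAPPINGS = {
    "superAdmin": "microtx-conductor-super-admin",
    "admin": "microtx-conductor-admin",
    "user": "microtx-conductor-user",
    "readOnlyUser": "microtx-conductor-read-only-user",
    "metadataManager": "microtx-conductor-metadata-manager",
    "worker": "microtx-conductor-worker",
}


def jwt_claims(token):
    """Decode the payload of a compact JWT. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with 3 segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def realm_roles(claims, path=CLAIMS_ROLE_PATH):
    """Walk the dot-separated path; [] if a step is missing or the leaf is not a list."""
    node = claims
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    return [r for r in node if isinstance(r, str)] if isinstance(node, list) else []


def resolve_internal_roles(token, mappings=ROLE_MAPPINGS):
    """Names of the internal roles whose mapped realm role is in the token."""
    present = set(realm_roles(jwt_claims(token)))
    return sorted(name for name, realm in mappings.items() if realm in present)


def sample_token(claims):
    """Constructed, unsigned demo token; the third segment is a dummy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".c2ln"


if __name__ == "__main__":
    claims = {"realm_access": {"roles": ["microtx-conductor-worker", "offline_access"]}}
    print(resolve_internal_roles(sample_token(claims)))
```

An empty result for a token that should carry access usually means the claimsRolePaths value does not match where the identity provider places roles in the token, or the realm role names differ from those in values.yaml.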