Configure Roles
Roles are defined in the OIDC identity provider, and users are assigned to them. The configuration of the seal-operator-server and seal-operator-fileupload services maps the permissions for the database entities to these roles. The specific permissions depend on the OIDC client.
The following OIDC clients are available in connection with SEAL Operator:
- seal-print-client for SEAL Print Client
- seal-opcli for SEAL OP-CLI
The mapping of the permissions and the roles is specified with the following key:
ALLOWED_OIDC_CLIENTS: Mapping of permissions to roles specified in the OIDC identity provider
In the preconfigured Keycloak from SEAL Systems, techuser is available as a role; it is used in the example below.
Example - techuser role with the impersonation right on all entities
{
  "seal-print-client": {
    "roles": {
      "seal-print-client-user": {},
      "techuser": {
        "areas": {
          "documents": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          },
          "lists": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          },
          "tasks": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          },
          "configuration": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          },
          "sessions": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          },
          "panels": {
            "set-impersonate": {
              "views": ["ALL"],
              "permissions": ["impersonate"]
            }
          }
        }
      }
    }
  }
}
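To review which roles hold the impersonate permission before a mapping is deployed, the following added example (not SEAL Systems code) walks the client/roles/areas structure shown above and reports every grant outside an approved list. The function names, the approved list and the shortened sample are assumptions made for illustration.

```python
import json

# Constructed sample in the page's ALLOWED_OIDC_CLIENTS layout (not a real deployment).
SAMPLE = """
{
  "seal-print-client": {
    "roles": {
      "seal-print-client-user": {},
      "techuser": {
        "areas": {
          "documents": {"set-impersonate": {"views": ["ALL"], "permissions": ["impersonate"]}},
          "tasks": {"set-impersonate": {"views": ["ALL"], "permissions": ["impersonate"]}}
        }
      }
    }
  }
}
"""

def grants(mapping, permission="impersonate"):
    """Return sorted (client, role, area, set_name, views) tuples that grant `permission`."""
    found = []
    for client, cfg in mapping.items():
        for role, role_cfg in (cfg.get("roles") or {}).items():
            # A role mapped to {} (as seal-print-client-user above) has no "areas" key.
            for area, sets in (role_cfg.get("areas") or {}).items():
                for set_name, entry in sets.items():
                    if permission in entry.get("permissions", []):
                        views = tuple(entry.get("views", []))
                        found.append((client, role, area, set_name, views))
    return sorted(found)

def unexpected(mapping, approved, permission="impersonate"):
    """Grants held by (client, role) pairs missing from the hypothetical approved set."""
    return [g for g in grants(mapping, permission) if (g[0], g[1]) not in approved]

if __name__ == "__main__":
    cfg = json.loads(SAMPLE)
    for grant in grants(cfg):
        print(grant)
    print("unexpected:", unexpected(cfg, approved={("seal-print-client", "techuser")}))
```

Running it against the value of ALLOWED_OIDC_CLIENTS in a change review shows at a glance whether a role other than the expected ones has gained impersonation on any area.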