Productization
Products
Productize and Package your services with different access controls, rules and configuration and offer them to different clients. When new tenants are created and if they require access to services that you already created, simply grant the new tenants access to the the products you created at an early stage, no need to rewrite the service or modify the code so that the new tenant can use it. The following table explains what the product properties are and their purpose:
| Property Name | Property Type | Description |
|---|---|---|
| CODE | String | Product Code, alphanumeric up to 5 characters and unique. |
| Name | String | Product Name for informative purposes. |
| Description | String | Product Description for informative purposes. |
| packages | Array | Product Package Array contains the list of packages this product has. |
| scope | Object | ACL object that defines the access level scope of the product |
Packages
Products have packages and these packages contain the access levels applied to the services. When instructing a product to use a certain service, you need to create a package in that product and in that package's acl, specify the ACL configuration over the service you want. The following table explains what the packages are made of and the purpose of their properties:
| Property Name | Property Type | Description |
|---|---|---|
| CODE | String | Package Code, alphanumeric up to 5 characters and unique. |
| Name | String | Package Name for informative purposes. |
| Description | String | Package Description for informative purposes |
| _TTL | Timestamp | Package Caching time limit. Once limit is exceeded, the package is refreshed. |
| acl | Object | Package Access Level Object, contains permissions over services as explained in Access Levels section. |
Package the service with different permissions and access controls as we explained in Access Levels section and offer it as commercial products. Every product contains a list of packages where the default access level of our service APIs are defined. Each Package offers a variety of access levels on the service APIs. If a service is contained in a package, then this product offers the ability to use this service. When specifying the access level over a service, you can grant access to the whole service or add some restrictions.
Code Sample
var product1 = {
"_id": "5512867be603d7e01ab1688d",
"locked": true,
"code": "DSBRD",
"name": "Console UI Product",
"description": "This is the main Console UI Product.",
"scope": {
"acl": {
"dashboard": {
"urac": {
"2": {
"access": true,
"apisPermission": "restricted",
"get": [{
"group": "Administration",
"apis": {
"/admin/all": {
"access": true
},
"/admin/listUsers": {
"access": true
},
"/admin/changeUserStatus": {
"access": true
},
"/admin/group/list": {
"access": true
}
}
}, {
"group": "My Account",
"apis": {
"/account/getUser": {
"access": true
}
}
}, {
"group": "Guest Password Settings",
"apis": {
"/forgotPassword": {
"access": false
}
}
}, {
"group": "Guest Email Validation",
"apis": {
"/changeEmail/validate": {
"access": true
}
}
}],
"post": [{
"group": "My Account",
"apis": {
"/account/changeEmail": {
"access": true
},
"/account/changePassword": {
"access": true
},
"/account/editProfile": {
"access": true
}
}
}, {
"group": "Administration",
"apis": {
"/admin/addUser": {
"access": true
},
"/admin/editUser": {
"access": true
},
"/admin/group/add": {
"access": true
},
"/admin/group/edit": {
"access": true
}
}
}, {
"group": "Guest Password Settings",
"apis": {
"/resetPassword": {
"access": false
}
}
}],
"delete": [{
"group": "Administration",
"apis": {
"/admin/group/delete": {
"access": true
}
}
}]
}
},
"dashboard": {
"1": {
"access": false,
"post": [{
"group": "Continuous Delivery Deployment",
"apis": {
"/cd/deploy": {
"access": false
}
}
}]
}
},
"oauth": {
"1": {
"access": true,
"apisPermission": "restricted",
"delete": [{
"group": "Tokenization",
"apis": {
"/refreshToken/:token": {
"access": true
},
"/accessToken/:token": {
"access": true
}
}
}, {
"group": "User Tokenization",
"apis": {
"/tokens/user/:userId": {
"access": true
}
}
}, {
"group": "Cient Tokenization",
"apis": {
"/tokens/tenant/:clientId": {
"access": true
}
}
}],
"post": [{
"group": "Tokenization",
"apis": {
"/pin": {
"access": true
}
}
}, {
"group": "Guest",
"apis": {
"/token": {
"access": false
}
}
}],
"get": [{
"group": "Guest",
"apis": {
"/authorization": {
"access": false
}
}
}]
}
}
}
},
},
"packages": [
{
"code": "DSBRD_GUEST",
"name": "Guest",
"locked": true,
"description": "This package is used to provide anyone access to login and forgot password.",
"acl": {
"dashboard": {
"urac": [{
"version": "2",
"post": ["Guest Password Settings"],
"get": ["Guest Password Settings", "Guest Email Validation"]
}]
}
},
"_TTL": 604800000
},
{
"code": "DSBRD_DEVOP",
"name": "DevOps",
"locked": true,
"description": "This package has the right privileges a DevOps user will need to be able to configure, control, and monitor what is happening across the board.",
"acl": {
"dashboard": {
"oauth": [{
"version": "1",
"delete": ["Tokenization", "User Tokenization", "Cient Tokenization"],
"post": ["Tokenization", "Guest"],
"get": ["Guest"]
}],
"urac": [{
"version": "2",
"get": ["Guest Email Account Settings", "Tenant", "My Account", "Guest Password Settings", "Guest Email Validation"],
"post": ["My Account", "Guest Password Settings"]
}],
"dashboard": [{
"version": "1",
"get": ["Continuous Delivery", "Environment", "Templates", "Environment Databases", "Resources", "Custom Registry", "Environment Platforms"],
"post": ["Continuous Delivery", "Environment", "Environment Databases", "Resources", "Custom Registry", "Environment Platforms"],
"put": ["Continuous Delivery", "Environment", "Environment Databases", "Resources", "Custom Registry"],
"delete": ["Environment", "Environment Databases", "Resources", "Custom Registry", "Environment Platforms"]
}]
}
},
"_TTL": 604800000
},
{
"code": "DSBRD_DEVEL",
"name": "Developer",
"locked": true,
"description": "This package is ideal for a developer. You are not giving much access but yet it is enough to sail and fast.",
"acl": {
"dashboard": {
"oauth": [{
"version": "1",
"delete": ["Tokenization", "User Tokenization", "Cient Tokenization"],
"post": ["Tokenization", "Guest"],
"get": ["Guest"]
}],
"urac": [{
"version": "2",
"get": ["My Account", "Tenant", "Guest Email Account Settings", "Guest Password Settings", "Guest Email Validation"],
"post": ["My Account", "Guest Password Settings"]
}],
"dashboard": [{
"version": "1",
"get": ["Continuous Delivery", "Environment", "Templates", "Environment Databases"],
"post": ["Continuous Delivery", "Environment", "Templates", "Environment Databases", "Resources"],
"put": ["Continuous Delivery", "Environment", "Environment Databases"],
"delete": ["Environment", "Templates", "Environment Databases", "Resources", "Custom Registry"]
}]
}
},
"_TTL": 21600000
}
]
};
The above code snippet illustrates one product record named DSBRD and this product has 3 packages.
- DSBRD_GUEST has "urac" in its ACL property only, and that means it offers access to that service only.
- DSBRD_DEVOP has 3 services in its ACL and therefore, using this package means both these services are available.
- DSBRD_DEVEL has 3 services in its ACL and therefore, using this package means both these services are available.
- Section Access Levels explains how to configure the ACL in depth.
This product is stored in the database after it is created, and it is used by different tenants to grant them access to services. Product records are located in products collection under core_provision database.