About CMP Role-Based Security
CMP
Converged Monetisation Platform. The MDS Global product that supports customer care and billing for digital service providers. employs a multi-level role-based security model in which each user A person with the capability to log in to the CMP GUI software, such as a customer service advisor or agent. who has rights to access a CMP component is assigned zero or more roles that define which functional area or resource they can access once they are successfully authenticated.
Roles can give access to:
- Functionality - such as adding subscribers or configuring communications.
- Applications - roles can allow users to login to particular applications, such as AgentView The graphical user interface of the CMP that is typically used by Customer Service Agents to access CMP customer and billing data. In versions prior to CMP 8.0, this was called the CMP GUI. or Business Configuration A module in the CMP Administation console that provides for viewing and modification of business and user applicable system configuration..
- Web Services - roles can govern which SOAP or RESTful web services Web services that are based on Representative State Transfer (REST) architecture principles, and are therefore designed to work best on the Internet, being lightweight, maintainable, and scalable. CMP provides RESTful web services to access much of CMP functionality. can be used or viewed by a user.
Roles are organised in a hierarchy:
Groups
Groups are the roles at the topmost level of the hierarchy and represent different types of users, for example Customer In the context of the Cloud Monetisation Platform, an individual or organisation who has signed an agreement to take goods and services from a service provider. A customer receives a bill associated with one or more subscriptions, and can be a single end user or a large company with many subscriptions assigned to one agreement. Service Agent (CSA Customer Service Agent, Advisor, or Assistant.
A (usually) customer-facing role in telecommunications, such as an agent in a call centre. Variations include CSR (Customer Service Representative) or CEA (Customer Experience Agent)) or Manager. CMP has a number of different groups for the different features within the different components of CMP, such as Business Configuration, batch server, web services, AgentView and so on. For more information, see Security Groups. A group In the Customer Manager Platform hierarchy, the highest level of the structure. The group level can be used to group corporates. Groups can hold financial information. can include zero or more parent roles.
Parent roles
Parent roles group other roles and represent functional areas, for example functional areas in AgentView such as View Customer Data, Comms or Enterprise Orders. A parent group comprises zero or more roles.
Roles
Roles represent distinct functionality on a more granular level, for example the Comms parent role includes the roles Maintain Communications, Send Communications and View Communications.
Example
Suppose user JoeSmith has three group roles assigned:
- Everybody
- Consumer User
- BackOffice
For the purposes of this example, the Everybody role is not extended any further, but the Consumer User and BackOffice groups each have parent roles assigned. Both groups have an Agent View Application role that allows access to an application and is not extended any further - that is, it has no child roles assigned to it. However, the two groups also have parent roles:
- Consumer User has the parent role View Customer Data.
- BackOffice has the parent role Problem Resolution and Comms.
Each of these parent groups has a number of roles assigned as children. For example, the Comms parent role has the following child roles:
- Maintain Communications.
- Send Communications.
- View Communications.
The hierarchy of group, parent and child roles is as follows:
From a CMP perspective, the list of roles associated with the JoeSmith are those coloured teal in the diagram.
Groups are controlled by the Identity Server. The relationship between groups and roles is defined by the role-extender service. For more information, see Security Technical Architecture.