Role Extender

The authorisation implementation in many parts of CMP Converged Monetisation Platform. The MDS Global product that supports customer care and billing for digital service providers. uses very granular level roles for maximum flexibility and future proofing. It would be too cumbersome to have to grant access to all of these granular roles directly to users. A number of granular roles are therefore mapped to a higher level business roles and access is granted to these business roles.

The Role Extender, executing in Spring Boot, takes a role to which access has been granted in the Identity Server and returns the full list of lower level roles that this maps to. CMP components use roles to which that access has been directly granted and the corresponding extended lists of roles returned by the Role Extender to determine whether to allow an action to be performed.

The mapping of business roles to granular roles is factory configuration that is not designed to be modified when CMP is installed.