Configure MATRIXX Backoffice Customer Tool Roles

You can configure MATRIXX Backoffice Customer Tool roles to add or remove permissions for each role.

Before you begin

You must have access to the matrixxbct.jar file.

About this task

MATRIXX Backoffice Customer Tool defines the following roles out-of-box.

MTX_ROLE_ADMIN (administrator) — Enables full edit access to MATRIXX Backoffice Customer Tool except for bulk operations.
MTX_ROLE_CSR_MGR (manager) — Enables write access to balances and thresholds in MATRIXX Backoffice Customer Tool.
MTX_ROLE_CSR (customer service representative) — Enables read-only access to MATRIXX Backoffice Customer Tool and allows the user to search for subscriptions.
MTX_ROLE_SIMULATE (simulation) — Enables access to MATRIXX Backoffice Customer Tool usage simulation functionality.
Note: The MTX_ROLE_SIMULATE role is used to demonstrate functionality and should not be assigned to customers.
MTX_ROLE_EVENT — Enables access to viewing subscription, group, and user event data. This role is used in combination with the MTX_ROLE_CSR role.
MTX_ROLE_BULK_OPS — Enables access to viewing a bulk operation configuration and adding and deleting a bulk operation task.

A user can have more than one role. For more information about assigning roles, see the discussion about defining MATRIXX Backoffice Customer Tool users.

On the MATRIXX Backoffice Customer Tool server, code a permissions.json file. By default, this file is located in the /opt/mtx/conf/matrixxbct directory. You can change the location by using the -Dmatrixxbct.asset.location flag.

Procedure

Log into the server as a user with sudo permissions and change to user mtx.
For example:
ssh server_ip_address
sudo su - mtx
Create the permissions.json file with a text editor, such as vi.

Add or remove permissions for each object under each role.

Permissions are enclosed by quotation marks " " and each permission is assigned zero or more actions enclosed by quotation marks " " and separated by a comma. The following actions are possible:

ADD — For example, add subscriptions, groups, or devices.
DELETE — For example, remove subscriptions or subgroups from a group.
EDIT — For example, change a subscription's balance.
VIEW — For example, view a subscription's product offers.
CANCEL — For example, cancel a subscription offer.
CANCEL_WAIVE_CHARGES — Cancel an offer and pay or waive any remaining charges for the offer.
OVERRIDE_ELIGIBILITY — Override an offer's ineligibility and allow the offer to be configured and purchased.

For example, to give managers the permission to add administrators to a group, change the "Group.Administrators": { "ADD"] permission from MTX_ROLE_ADMIN to MTX_ROLE_CSR_MGR.

/opt/mtx/conf/matrixxbct % cat permissions.json  
{
  "MTX_ROLE_ADMIN": {
    "User": [ "ADD", "EDIT" ],
    "User.Subscriptions": [ "ADD", "DELETE" ],
    "User.Subscriptions.Roles": [ "EDIT" ],
    "User.Groups": [ "ADD", "DELETE" ],
    "User.Groups.Roles": [ "EDIT" ],
    "User.Rehome": ["EDIT"],
    "Subscription": [ "ADD", "EDIT" ],
    "Subscription.Billing": [ "EDIT" ],
    "Subscription.Devices": [ "ADD", "EDIT", "DELETE" ],
    "Subscription.Devices.Offers": [ "ADD", "EDIT", "CANCEL", "OVERRIDE_ELIGIBILITY"],
    "Subscription.Users": [ "ADD", "DELETE" ],
    "Subscription.Users.Roles": [ "EDIT" ],
    "Subscription.Offers": [ "ADD", "EDIT", "CANCEL", "CANCEL_WAIVE_CHARGES", "OVERRIDE_ELIGIBILITY" ],
    "Subscription.Payment": [ "EDIT" ],
    "Subscription.PaymentMethods": [ "EDIT", "DELETE" ],
    "Subscription.PaymentSettle": [ "EDIT" ],
    "Subscription.Tasks": [ "ADD", "EDIT" ],
    "Subscription.Rehome": ["EDIT"],
    "Group": [ "ADD", "EDIT" ],
    "Group.Users": [ "ADD", "DELETE" ],
    "Group.Users.Roles": [ "EDIT" ],
    "Group.Billing": [ "EDIT" ],
    "Group.Offers": [ "ADD", "EDIT", "CANCEL", "CANCEL_WAIVE_CHARGES", "OVERRIDE_ELIGIBILITY"],
    "Group.Payment": [ "EDIT" ],
    "Group.PaymentMethods": [ "EDIT", "DELETE" ],
    "Group.PaymentSettle": [ "EDIT" ],
    "Group.Subgroups": [ "ADD", "DELETE" ],
    "Group.Subscriptions": [ "ADD", "DELETE" ],
    "Group.Tasks": [ "ADD", "EDIT" ],
    "Group.Rehome": ["EDIT"],
    "Device": [ "ADD", "EDIT", "DELETE" ],
    "Device.Subscription": [ "ADD" ],
    "Device.Rehome": ["EDIT"],
  },

  "MTX_ROLE_CSR_MGR": {
    "Subscription.Balance": [ "EDIT" ],
    "Subscription.Balance.Transfer": [ "EDIT" ],
    "Subscription.Balance.Threshold": [ "EDIT" ],
    "Subscription.Meter": [ "EDIT" ],
    "Subscription.Meter.EndTime": [ "EDIT" ],
    "Subscription.Meter.Threshold": [ "EDIT" ],
    "Group.Balance": [ "EDIT" ],
    "Group.Balance.Transfer": [ "EDIT" ],
    "Group.Balance.Threshold": [ "EDIT" ],
    "Group.Meter": [ "EDIT" ],
    "Group.Meter.EndTime": [ "EDIT" ],
    "Group.Meter.Threshold": [ "EDIT" ]
  },

  "MTX_ROLE_CSR": {
    "Offer": [ "VIEW" ],
    "User": [ "VIEW" ],
    "User.Subscriptions": [ "VIEW" ],
    "User.Groups": [ "VIEW" ],
    "Device": [ "VIEW" ],
    "Subscription": [ "VIEW" ],
    "Subscription.Devices": [ "VIEW" ],
    "Subscription.Devices.Offers": [ "VIEW" ],
    "Subscription.Users": [ "VIEW" ],
    "Subscription.Offers": [ "VIEW" ],
    "Subscription.Payment": [ "VIEW" ],
    "Subscription.PaymentMethods": [ "VIEW" ],
    "Subscription.Balance": [ "VIEW" ],
    "Subscription.Meter": [ "VIEW" ],
    "Group": [ "VIEW" ],
    "Group.Offers": [ "VIEW" ],
    "Group.Payment": [ "VIEW" ],
    "Group.PaymentMethods": [ "VIEW" ],
    "Group.Subgroups": [ "VIEW" ],
    "Group.Subscriptions": [ "VIEW" ],
    "Group.Users": [ "VIEW" ],
    "Group.Balance": [ "VIEW" ],
    "Group.Meter": [ "VIEW" ]
  } 
,

  "MTX_ROLE_SIMULATE": {
    "Subscription.SimulateUsage": [ "EDIT" ],
    "Subscription.TestPaymentMethods": [ "ADD" ],
    "Group.TestPaymentMethods": [ "ADD" ]
  },
"MTX_ROLE_EVENT": {
    "Subcription.Events": [ "VIEW" ],
    "Group.Events": [ "VIEW" ],
    "User.Events": [ "VIEW" ]
  },
"MTX_ROLE_BULK_OPS": {
    "BulkOps": [ "VIEW", "DELETE", "ADD" ]
  }
}

Note: You must explicitly grant each role you want the user to have. To grant a user permission to create subscriptions, assign them the MTX_ROLE_ADMIN role. If you want the user to be able to adjust balances, assign the user the MTX_ROLE_CSR_MGR role.

See the discussion about the permissions.json file for a complete list of out-of-box roles and their permissions.

Save and close the file.
(Optional) In addition to the permissions listed in permissions.json, you can add additional permissions to be picked up by placing a similar file in /opt/mtx/conf/matrixxbct. This will overlay that information onto the permissions.json file. For example, grant the permission to view device sessions on the subscription page to users with the MTX_ROLE_ADMIN role by adding the following:
```
$ cat /opt/mtx/conf/matrixxbct/permissions.json 
{
  "MTX_ROLE_ADMIN": {
    "Subscription.Devices.Sessions": [ "VIEW", "DELETE" ]
  }
}
```
Deploy MATRIXX Backoffice Customer Tool.

What to do next

You must log out of MATRIXX Backoffice Customer Tool and log in again to see the changes.