Contour WebApp Bootstrap
When the Contour Web App starts for the first time (e.g. after deployment), it loads the file bootstrap.json (if any) placed under the app directory (e.g. /opt/api-service), which allows Roles and Users to be bootstrapped without having to create them manually afterwards.
Bootstrap Roles
The JSON template of a role definition:
- isSuperAdmin: true|false, whether this role is the built-in application administrator that has the highest privileges
- name: string, name of the role, e.g. DC Maker
- ldapGroup: string, name of the AD group to be mapped to this role if single sign-on is enabled with either LDAP or SAML 2.0, e.g. contour-makers, or set to null if not yet known
- entsAccess: list, the X.500 name (Corda name) the webapp is connecting to, e.g. ["O=SureBank,L=Tokyo,C=JP"]
- productAccess: list, the products this role has access to, e.g. ["DC_IMPORT","DC_EXPORT","ESSDOCS"]. The possible values are:
  - DC_IMPORT: for import documentary credit
  - DC_EXPORT: for export documentary credit
  - ESSDOC: for essDocs document (if essDocs integration enabled)
- businessAccess: list, the types of actions this role can perform on the product, e.g. ["READ","CREATE"]. The possible values are:
  - READ: view only
  - CREATE: create/draft new transaction, i.e. for maker
  - CHECK: verify/reject drafted transaction, i.e. for checker
  - APPROVE: approve/reject verified transaction, i.e. for approver
- reportAccess: list, e.g. ["AUDIT_USERS","AUDIT_TRANSACTIONS"]
  - AUDIT_USERS
  - AUDIT_TRANSACTIONS
- roleEditing: true|false, whether this role has access to manage (create/update/deactivate) roles
- userEditing: true|false, whether this role has access to manage (create/update/deactivate) users
- clientAuthzEditing: true|false, for bank node only, whether this role has access to client authorization
- authzMatrixEditing: true|false, whether this role has access to manage (create/update/delete) the authorization matrix
- fxrateEditing: true|false, whether this role has access to manage (create/update/delete) foreign exchange (FX) rates
Example json template for maker:
{
  "isSuperAdmin": false,
  "name": "DC Makers",
  "ldapGroup": null,
  "entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
  "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
  "businessAccess": ["READ","CREATE"],
  "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
  "roleEditing": false,
  "userEditing": false,
  "clientAuthzEditing": false,
  "authzMatrixEditing": false,
  "fxrateEditing": false,
  "builtin": true,
  "status": {
    "approvedBy": null,
    "createdBy": null
  }
}
Bootstrap Users
One or more users can be bootstrapped and then assigned superadmin permissions.
The json template of a user definition:
{
  "isSuperAdmin": true,
  "username": "sysadmin1",
  "password": "",
  "email": "user@email.com"
}
Other Bootstraps
Authorization matrix
fillAuthzMatrix: true|false.
- If set to false, the administrator will have to create one or more entries in the authorization matrix, otherwise users will be blocked from making any LC related action.
- If set to true, one default entry will be created and it will allow any amount on LC to all user roles.
fillFxRate: true|false.
A Complete Example
A complete example of bootstrap.json:
{
  "users": [
    {
      "isSuperAdmin": true,
      "username": "sysadmin1",
      "password": "",
      "email": "user@email.com"
    },
    {
      "isSuperAdmin": true,
      "username": "sysadmin1",
      "password": "",
      "email": "user@email.com"
    }
  ],
  "roles": [
    {
      "isSuperAdmin": false,
      "name": "DC Makers",
      "ldapGroup": null,
      "entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
      "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
      "businessAccess": ["READ","CREATE"],
      "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
      "roleEditing": false,
      "userEditing": false,
      "authzMatrixEditing": false,
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "builtin": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      }
    },
    {
      "isSuperAdmin": false,
      "name": "DC Checkers",
      "ldapGroup": null,
      "entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
      "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
      "businessAccess": ["READ","CHECK"],
      "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
      "roleEditing": false,
      "userEditing": false,
      "authzMatrixEditing": false,
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "builtin": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      }
    },
    {
      "isSuperAdmin": false,
      "name": "DC Approvers",
      "ldapGroup": null,
      "entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
      "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
      "businessAccess": ["READ","APPROVE"],
      "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
      "roleEditing": false,
      "userEditing": false,
      "authzMatrixEditing": false,
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "builtin": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      }
    },
    {
      "isSuperAdmin": false,
      "name": "User Administrators",
      "ldapGroup": null,
      "entsAccess": ["O=SureBank,L=Tokyo,C=JP"],
      "productAccess": ["DC_IMPORT","DC_EXPORT","ESSDOCS"],
      "businessAccess": ["READ","CREATE","CHECK","APPROVE"],
      "reportAccess": ["AUDIT_USERS","AUDIT_TRANSACTIONS"],
      "roleEditing": true,
      "userEditing": true,
      "authzMatrixEditing": true,
      "clientAuthzEditing": true,
      "fxrateEditing": true,
      "builtin": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      }
    },
    {
      "isSuperAdmin": true,
      "name": "superadmin",
      "ldapGroup": null,
      "entsAccess": [],
      "productAccess": [],
      "businessAccess": ["READ"],
      "reportAccess": ["AUDIT_USERS"],
      "roleEditing": true,
      "userEditing": true,
      "authzMatrixEditing": false,
      "clientAuthzEditing": false,
      "fxrateEditing": false,
      "builtin": true,
      "status": {
        "approvedBy": null,
        "createdBy": null
      }
    }
  ],
  "fillAuthzMatrix": "true",
  "fillFxRate": "true"
}
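
Because bootstrap.json defines the first roles and superadmin users, it is worth reviewing before the first start. The following pre-deployment check is an added example, not part of Contour: the function names and the rules it applies (duplicate usernames, roles that mix maker and checker/approver actions, roles that mix transaction rights with editing flags, a permissive fillAuthzMatrix) are assumptions chosen for illustration, and the sample input is constructed.

```python
import json

BUSINESS_ACCESS = {"READ", "CREATE", "CHECK", "APPROVE"}  # values listed on this page
EDIT_FLAGS = ("roleEditing", "userEditing", "clientAuthzEditing",
              "authzMatrixEditing", "fxrateEditing")

def is_true(value):
    # The field list says true|false, but the complete example uses the string "true".
    return value is True or (isinstance(value, str) and value.lower() == "true")

def audit_bootstrap(doc):
    """Return (severity, message) findings for a parsed bootstrap.json."""
    findings, seen = [], set()
    for user in doc.get("users", []):
        name = user.get("username")
        if name in seen:
            findings.append(("error", f"duplicate username {name!r}"))
        seen.add(name)
    for role in doc.get("roles", []):
        label = role.get("name")
        actions = set(role.get("businessAccess", []))
        for value in sorted(actions - BUSINESS_ACCESS):
            findings.append(("error", f"{label}: unknown businessAccess {value!r}"))
        # Maker/checker/approver split: one role should not draft and also sign off.
        if "CREATE" in actions and actions & {"CHECK", "APPROVE"}:
            findings.append(("warn", f"{label}: CREATE combined with CHECK/APPROVE"))
        flags = [f for f in EDIT_FLAGS if is_true(role.get(f))]
        if flags and actions - {"READ"}:
            findings.append(("warn", f"{label}: transaction rights plus {', '.join(flags)}"))
    if is_true(doc.get("fillAuthzMatrix")):
        findings.append(("warn", "fillAuthzMatrix: default entry allows any LC amount to all roles"))
    return findings

# Constructed sample, trimmed from the shape of the complete example above.
SAMPLE = json.loads("""
{"users": [{"isSuperAdmin": true, "username": "sysadmin1", "password": "", "email": "user@email.com"},
           {"isSuperAdmin": true, "username": "sysadmin1", "password": "", "email": "user@email.com"}],
 "roles": [{"isSuperAdmin": false, "name": "DC Makers", "businessAccess": ["READ", "CREATE"],
            "roleEditing": false, "userEditing": false},
           {"isSuperAdmin": false, "name": "User Administrators",
            "businessAccess": ["READ", "CREATE", "CHECK", "APPROVE"],
            "roleEditing": true, "userEditing": true}],
 "fillAuthzMatrix": "true"}
""")

if __name__ == "__main__":
    for severity, message in audit_bootstrap(SAMPLE):
        print(f"{severity:5} {message}")
```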