Creating Role Permissions for Applications Developed

You can manage portal user permissions by assigning roles. Portal users can have multiple roles, and their permissions will be a sum of the roles assigned.

The role permission in the service configuration center corresponds to the profiles in Environment Configuration > Configuration > User Security > Profiles. The difference is that the service configuration center exclusively displays permissions used by portal users.

Creating Role Permissions

Log in to the Huawei Cloud Astro Zero console and click Access Homepage. The application development page is displayed.
Click in the upper left corner and choose Environments > Configuration Center.

Figure 1 Accessing the configuration center
In the navigation pane, choose Role Permissions.

The existing role permissions are displayed on the right, including those created in Configuration > User Security > Profiles.
Click + next to All to add role permissions.
Set the role name, for example, TestUser.

Figure 2 Adding a role
Set permission items.
1. Click the edit button in the Manage Profile area to set the following permission items:
  Figure 3 Managing permissions
  - Check users: allows you to view the profiles of all portal users created in the service configuration center. You can access Users under Organizations & Users in the service configuration center, but cannot create, delete, or edit portal users.
  - Manage users: If this item is selected, Check users and Check roles are selected by default. You can access Users under Organizations & Users in the service configuration center to create, delete, and edit portal users. You can also access Role Permissions.
  - Check roles: allows you to view the profiles of all roles created in the service configuration center. You can access Role Permissions under Organizations & Users in the service configuration center. You can also create, delete, and edit roles.
  - Check groups: allows you to view all organization permissions created in the service configuration center. You can access Organizations under Organizations & Users in the service configuration center, but cannot create, delete, or edit organizations.
  - Manage groups: If this item is selected, Check roles and Check groups are selected by default. You can access Organizations under Organizations & Users in the service configuration center to create, delete, and edit organizations. You can also access the role permission page.
  - Check logs: allows you to access Operation Logs under Organizations & Users in the service configuration center. You can view logs of all users of the same tenant on Huawei Cloud Astro Zero.
2. In the Application Permission Configuration area, configure permissions.
  Click Hide in the Operation column to enable the application visibility. Click Visible to disable application visibility.
  
  Figure 4 Configuring visible and default permissions
3. In the application permission configuration area, click an application to add the service permission credential and extended permission set of the application to the role.
  Figure 5 Configuring service permission credentials and extended permission sets
  - Service permission credentials are used to control the access permission of custom APIs. For details, see Creating a Service Permission Credential. During application development, developers need to add service permission credentials for APIs in the application. When an application is packaged, the application package data contains the service permission credentials.
  - The role permissions of the service configuration center are created based on Portal User Profile. The permissions of different portal users may be different. In this case, you can configure the extended permission set to assign different permission to portal users. For details about extended permission sets, see Creating a Permission Set.