Roles
Generalized naming convention for system roles:
http://<system name>.<environment>-<domain>.<country code>/roles/<roletype>/<rolename>/<version>
That becomes:
http://<some system>.[test-|preprod-|]<domain>.dk/roles/<roletype>/<rolename>/<version>
There are two types of system roles:
- User system role (brugersystemrolle)
- Service role (servicesystemrolle)
Examples of the two, following the naming convention above:
Production environment:
User system role:
http://sapa.kombit.dk/roles/usersystemrole/se_udbetalinger/8
Service role:
http://sapa.kombit.dk/roles/servicesystemrole/rediger/4
Preproduction environment:
User system role:
http://sapa.preprod-kombit.dk/roles/usersystemrole/se_udbetalinger/8
Service role:
http://sapa.preprod-kombit.dk/roles/servicesystemrole/rediger/4
Internal Test environment:
User system role:
http://sapa.test-kombit.dk/roles/usersystemrole/se_udbetalinger/8
Service role:
http://sapa.test-kombit.dk/roles/servicesystemrole/rediger/4
Generalized naming convention for job function roles:
http://<organization domain>.<country code>/roles/jobrole/<rolename>/<version>
That becomes:
http://<organization domain>.dk/roles/jobrole/<rolename>/<version>
Example of a job function role is:
http://kommune.dk/roles/jobrole/sagsbehandler/4
Job function roles are not dependent on a specific environment.
Data constraints are not claims but still need a naming convention.
The naming convention is:
http://<system name>.<environment>-<domain>.<country code>/constraints/<constraintname>/<version>
That becomes:
http://<system name>.[test-|preprod-|]<domain>.dk/constraints/<constraintname>/<version>
Examples for different environments:
http://organisation.kombit.dk/constraints/KLE/2
http://organisation.preprod-kombit.dk/constraints/KLE/2
http://organisation.test-kombit.dk/constraints/KLE/2
Note that there is no formal requirement that CH/STS supports versioning constraints.
- How is it ensured that role ids are globally unique, e.g. that two municipalities don't create a job function role with the same id? Per the naming conventions, the FQDN of the municipality is part of the job function role id, and no municipalities share the same FQDN.
- How can system roles be uniquely identified? By "usersystemrole" or "servicesystemrole" in the id of the role.
- How can job function roles be uniquely identified? By "jobrole" in the id of the role.
- How can constraints be uniquely identified? By "constraints" in the id.
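The following added example, which is not part of the original page or of KOMBIT's code, parses identifiers according to the three conventions above and classifies them by the type segment named in the questions. The character sets, the 9-digit version limit, single-label organization domains, and the rule that a consumer accepts system roles and constraints only for its own environment are assumptions.

```python
import re
from typing import NamedTuple, Optional

class ParsedId(NamedTuple):
    kind: str                   # usersystemrole | servicesystemrole | jobrole | constraint
    system: Optional[str]       # None for job function roles
    environment: Optional[str]  # prod | preprod | test; None for job function roles
    domain: str
    name: str
    version: int

# Assumptions (not stated on the page): host labels are lowercase, the system
# name and domain contain no hyphen (so "test-"/"preprod-" is unambiguous),
# names are [A-Za-z0-9_]+ and versions are decimal integers of at most 9 digits.
_SYSTEM = re.compile(
    r"http://(?P<system>[a-z0-9]+)\.(?:(?P<env>test|preprod)-)?(?P<domain>[a-z0-9]+)\.dk/"
    r"(?:roles/(?P<kind>usersystemrole|servicesystemrole)|constraints)/"
    r"(?P<name>[A-Za-z0-9_]+)/(?P<version>[0-9]{1,9})"
)
# Assumption: the organization domain is a single label in front of ".dk".
_JOB = re.compile(
    r"http://(?P<domain>[a-z0-9-]+)\.dk/roles/jobrole/"
    r"(?P<name>[A-Za-z0-9_]+)/(?P<version>[0-9]{1,9})"
)

def parse_id(uri: str) -> Optional[ParsedId]:
    """Return the parsed identifier, or None if it does not follow the convention."""
    # fullmatch (not match/search) so trailing data such as "\n" is rejected.
    m = _SYSTEM.fullmatch(uri)
    if m:
        return ParsedId(m["kind"] or "constraint", m["system"], m["env"] or "prod",
                        m["domain"], m["name"], int(m["version"]))
    m = _JOB.fullmatch(uri)
    if m:
        return ParsedId("jobrole", None, None, m["domain"], m["name"], int(m["version"]))
    return None

def accepted_in(uri: str, environment: str) -> bool:
    """True if the id is well formed and usable in `environment` (prod/preprod/test)."""
    parsed = parse_id(uri)
    if parsed is None:
        return False
    # Job function roles are not tied to an environment; everything else is.
    return parsed.kind == "jobrole" or parsed.environment == environment
```

Matching the whole string against a fixed pattern, rather than testing for a substring such as "jobrole", keeps an identifier with the type word in the wrong position from being classified by accident.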