diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml
index f40935568f..c6ebef438f 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml
@@ -130,6 +130,10 @@
org.json.wso2
json
+
+ io.entgra.device.mgt.core
+ io.entgra.device.mgt.core.device.mgt.core
+
@@ -187,6 +191,8 @@
io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util,
io.entgra.device.mgt.core.device.mgt.common.exceptions,
io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
+ io.entgra.device.mgt.core.device.mgt.core.config,
+ io.entgra.device.mgt.core.device.mgt.core.config.permission,
org.wso2.carbon.base;version="1.0",
org.wso2.carbon.context;version="4.6",
org.wso2.carbon;version="4.6",
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
index d78de2c901..e76631e0cb 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
@@ -17,7 +17,6 @@
*/
package io.entgra.device.mgt.core.apimgt.webapp.publisher;
-import io.entgra.device.mgt.core.apimgt.annotations.Scopes;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
@@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -437,18 +441,8 @@ public class APIPublisherServiceImpl implements APIPublisherService {
}
public void addDefaultScopesIfNotExist() {
- ArrayList defaultScopes = new ArrayList<>();
- defaultScopes.add("dm:devices:any:permitted");
- defaultScopes.add("dm:device:api:subscribe");
- defaultScopes.add("am:admin:lc:app:approve");
- defaultScopes.add("am:admin:lc:app:create");
- defaultScopes.add("am:admin:lc:app:reject");
- defaultScopes.add("am:admin:lc:app:block");
- defaultScopes.add("am:admin:lc:app:review");
- defaultScopes.add("am:admin:lc:app:retire");
- defaultScopes.add("am:admin:lc:app:deprecate");
- defaultScopes.add("am:admin:lc:app:publish");
-
+ DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
+ DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
try {
APIApplicationKey apiApplicationKey =
@@ -460,12 +454,13 @@ public class APIPublisherServiceImpl implements APIPublisherService {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
Scope scope = new Scope();
- for (String defaultScope: defaultScopes) {
+ for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
//todo check whether scope is available or not
- scope.setName(defaultScope);
- scope.setDescription(defaultScope);
- scope.setKey(defaultScope);
- scope.setRoles("Internal/devicemgt-user");
+ ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
+ scope.setName(scopeMapping.getName());
+ scope.setDescription(scopeMapping.getName());
+ scope.setKey(scopeMapping.getKey());
+ scope.setRoles(scopeMapping.getDefaultRoles());
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
}
} catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
index 544b04637f..bbd2fd952e 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java
@@ -18,17 +18,14 @@
package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener;
import com.google.gson.Gson;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
@@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext;
import java.io.IOException;
-import java.util.*;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
@SuppressWarnings("unused")
public class APIPublisherLifecycleListener implements LifecycleListener {
@@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
"' and version '" + apiConfig.getVersion() + "'", e);
}
}
- apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
- Map permScopeMapping = apiPublisherDataHolder.getPermScopeMapping();
- if (!permScopeMapping.isEmpty()) {
- Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
- "-mapping");
- if (existingMetaData != null) {
- existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping()
- ));
- metadataManagementService.updateMetadata(existingMetaData);
- } else {
- Metadata newMetaData = new Metadata();
- newMetaData.setMetaKey("perm-scope-mapping");
- permScopeMapping =
- apiPublisherDataHolder.getPermScopeMapping();
+ Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
+ "-mapping");
+ if (existingMetaData != null) {
+ existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
+ metadataManagementService.updateMetadata(existingMetaData);
+ } else {
+ Metadata newMetaData = new Metadata();
+ newMetaData.setMetaKey("perm-scope-mapping");
- //Todo fix this properly with a config
- Map defaultScopePermMap = new HashMap<>();
- defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted");
- defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate");
- defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish");
+ DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
+ DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
- for (Map.Entry mapElement : defaultScopePermMap.entrySet()) {
- String key = mapElement.getKey();
- String value = mapElement.getValue();
- permScopeMapping.put(key,value);
- }
- apiPublisherDataHolder.setPermScopeMapping(permScopeMapping);
- newMetaData.setMetaValue(new Gson().toJson(permScopeMapping));
- metadataManagementService.createMetadata(newMetaData);
+ for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
+ permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
}
+ newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
+ metadataManagementService.createMetadata(newMetaData);
}
+ apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
} catch (IOException e) {
log.error("Error encountered while discovering annotated classes", e);
} catch (ClassNotFoundException e) {
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java
index 08c08df5ed..94d873b192 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java
@@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo
import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration;
import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@@ -75,6 +76,8 @@ public final class DeviceManagementConfig {
private MetaDataConfiguration metaDataConfiguration;
private EnrollmentGuideConfiguration enrollmentGuideConfiguration;
+ private DefaultPermissions defaultPermissions;
+
@XmlElement(name = "ManagementRepository", required = true)
public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
return deviceManagementConfigRepository;
@@ -287,5 +290,14 @@ public final class DeviceManagementConfig {
public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) {
this.enrollmentGuideConfiguration = enrollmentGuideConfiguration;
}
+
+ @XmlElement(name = "DefaultPermissions", required = true)
+ public DefaultPermissions getDefaultPermissions() {
+ return defaultPermissions;
+ }
+
+ public void setDefaultPermissions(DefaultPermissions defaultPermissions) {
+ this.defaultPermissions = defaultPermissions;
+ }
}
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java
new file mode 100644
index 0000000000..d8ee628924
--- /dev/null
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "DefaultPermission")
+public class DefaultPermission {
+
+ private String name;
+ private ScopeMapping scopeMapping;
+
+ @XmlElement(name = "Name", required = true)
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @XmlElement(name = "MappedScopeDetails", required = true)
+ public ScopeMapping getScopeMapping() {
+ return scopeMapping;
+ }
+
+ public void setScopeMapping(ScopeMapping scopeMapping) {
+ this.scopeMapping = scopeMapping;
+ }
+}
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java
new file mode 100644
index 0000000000..c04695b111
--- /dev/null
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import java.util.List;
+
+@XmlRootElement(name = "DefaultPermissions")
+public class DefaultPermissions {
+
+ private List defaultPermissions;
+
+ @XmlElement(name = "DefaultPermission", required = true)
+ public List getDefaultPermissions() {
+ return defaultPermissions;
+ }
+
+ public void setDefaultPermissions(List defaultPermissions) {
+ this.defaultPermissions = defaultPermissions;
+ }
+}
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java
new file mode 100644
index 0000000000..e745126502
--- /dev/null
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "MappedScopeDetails")
+public class ScopeMapping {
+
+ private String name;
+ private String key;
+
+ private String defaultRoles;
+
+ @XmlElement(name = "Name", required = true)
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @XmlElement(name = "Key", required = true)
+ public String getKey() {
+ return key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ @XmlElement(name = "DefaultRoles", required = true)
+ public String getDefaultRoles() {
+ return defaultRoles;
+ }
+
+ public void setDefaultRoles(String defaultRoles) {
+ this.defaultRoles = defaultRoles;
+ }
+}
diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
index c40cefc413..97c4ca9a3e 100644
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml
@@ -211,5 +211,87 @@
false
Replace with mail
+
+
+ /permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device
+
+ Apply permitted actions on any device
+ dm:devices:any:permitted
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/device-mgt/device/api/subscribe
+
+ Subscribe APIs
+ dm:device:api:subscribe
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/approve
+
+ Approve Applications
+ am:admin:lc:app:approve
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/create
+
+ Create Applications
+ am:admin:lc:app:create
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/reject
+
+ Reject Applications
+ am:admin:lc:app:reject
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/block
+
+ Block Applications
+ am:admin:lc:app:block
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/review
+
+ Review Applications
+ am:admin:lc:app:review
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/retire
+
+ Retire Applications
+ am:admin:lc:app:retire
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/deprecate
+
+ Deprecate Application
+ am:admin:lc:app:deprecate
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/publish
+
+ Publish Applications
+ am:admin:lc:app:publish
+ Internal/devicemgt-user
+
+
+
diff --git a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2 b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
index 2fe1494e09..bd6961e7d8 100644
--- a/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
+++ b/features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2
@@ -383,5 +383,87 @@
Replace with mail
{% endif %}
+
+
+ /permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device
+
+ Apply permitted actions on any device
+ dm:devices:any:permitted
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/device-mgt/device/api/subscribe
+
+ Subscribe APIs
+ dm:device:api:subscribe
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/approve
+
+ Approve Applications
+ am:admin:lc:app:approve
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/create
+
+ Create Applications
+ am:admin:lc:app:create
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/reject
+
+ Reject Applications
+ am:admin:lc:app:reject
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/block
+
+ Block Applications
+ am:admin:lc:app:block
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/review
+
+ Review Applications
+ am:admin:lc:app:review
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/retire
+
+ Retire Applications
+ am:admin:lc:app:retire
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/deprecate
+
+ Deprecate Application
+ am:admin:lc:app:deprecate
+ Internal/devicemgt-user
+
+
+
+ /permission/admin/app-mgt/life-cycle/application/publish
+
+ Publish Applications
+ am:admin:lc:app:publish
+ Internal/devicemgt-user
+
+
+