Merge pull request 'Add default perm config' (#252) from tcdlpds/device-mgt-core:master into master

Reviewed-on: #252

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/pom.xml

@@ -130,6 +130,10 @@
             <groupId>org.json.wso2</groupId>
             <artifactId>json</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.entgra.device.mgt.core</groupId>
+            <artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
+        </dependency>
     </dependencies>
 
 
@@ -187,6 +191,8 @@
                             io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util,
                             io.entgra.device.mgt.core.device.mgt.common.exceptions,
                             io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
+                            io.entgra.device.mgt.core.device.mgt.core.config,
+                            io.entgra.device.mgt.core.device.mgt.core.config.permission,
                             org.wso2.carbon.base;version="1.0",
                             org.wso2.carbon.context;version="4.6",
                             org.wso2.carbon;version="4.6",

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java

@@ -17,7 +17,6 @@
  */
 package io.entgra.device.mgt.core.apimgt.webapp.publisher;
 
-import io.entgra.device.mgt.core.apimgt.annotations.Scopes;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
@@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
 import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate;
 import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
 import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -437,18 +441,8 @@ public class APIPublisherServiceImpl implements APIPublisherService {
     }
 
     public void addDefaultScopesIfNotExist() {
-        ArrayList<String> defaultScopes = new ArrayList<>();
+        DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
-        defaultScopes.add("dm:devices:any:permitted");
+        DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
-        defaultScopes.add("dm:device:api:subscribe");
-        defaultScopes.add("am:admin:lc:app:approve");
-        defaultScopes.add("am:admin:lc:app:create");
-        defaultScopes.add("am:admin:lc:app:reject");
-        defaultScopes.add("am:admin:lc:app:block");
-        defaultScopes.add("am:admin:lc:app:review");
-        defaultScopes.add("am:admin:lc:app:retire");
-        defaultScopes.add("am:admin:lc:app:deprecate");
-        defaultScopes.add("am:admin:lc:app:publish");
-
         APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
         try {
             APIApplicationKey apiApplicationKey =
@@ -460,12 +454,13 @@ public class APIPublisherServiceImpl implements APIPublisherService {
             PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
 
             Scope scope = new Scope();
-            for (String defaultScope: defaultScopes) {
+            for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
                 //todo check whether scope is available or not
-                scope.setName(defaultScope);
+                ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
-                scope.setDescription(defaultScope);
+                scope.setName(scopeMapping.getName());
-                scope.setKey(defaultScope);
+                scope.setDescription(scopeMapping.getName());
-                scope.setRoles("Internal/devicemgt-user");
+                scope.setKey(scopeMapping.getKey());
+                scope.setRoles(scopeMapping.getDefaultRoles());
                 publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
             }
         } catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {

components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/lifecycle/listener/APIPublisherLifecycleListener.java

@@ -18,17 +18,14 @@
 package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener;
 
 import com.google.gson.Gson;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
-import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
 import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
 import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
 import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
+import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleEvent;
 import org.apache.catalina.LifecycleListener;
@@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException;
 
 import javax.servlet.ServletContext;
 import java.io.IOException;
-import java.util.*;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 @SuppressWarnings("unused")
 public class APIPublisherLifecycleListener implements LifecycleListener {
@@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
                                         "' and version '" + apiConfig.getVersion() + "'", e);
                             }
                         }
-                        apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
 
-                        Map<String, String> permScopeMapping = apiPublisherDataHolder.getPermScopeMapping();
-                        if (!permScopeMapping.isEmpty()) {
                         Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
                                 "-mapping");
                         if (existingMetaData != null) {
-                                existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping()
+                            existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
-                                ));
                             metadataManagementService.updateMetadata(existingMetaData);
                         } else {
                             Metadata newMetaData = new Metadata();
                             newMetaData.setMetaKey("perm-scope-mapping");
-                                permScopeMapping =
-                                        apiPublisherDataHolder.getPermScopeMapping();
 
-                                //Todo fix this properly with a config
+                            DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
-                                Map<String, String> defaultScopePermMap = new HashMap<>();
+                            DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
-                                defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted");
-                                defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate");
-                                defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish");
 
-                                for (Map.Entry<String,String> mapElement : defaultScopePermMap.entrySet()) {
+                            for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
-                                    String key = mapElement.getKey();
+                                permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
-                                    String value = mapElement.getValue();
-                                    permScopeMapping.put(key,value);
                             }
-                                apiPublisherDataHolder.setPermScopeMapping(permScopeMapping);
+                            newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
-                                newMetaData.setMetaValue(new Gson().toJson(permScopeMapping));
                             metadataManagementService.createMetadata(newMetaData);
                         }
-                        }
+                        apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
                     } catch (IOException e) {
                         log.error("Error encountered while discovering annotated classes", e);
                     } catch (ClassNotFoundException e) {

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/DeviceManagementConfig.java

@@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo
 import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration;
 import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig;
 import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration;
+import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
 
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
@@ -75,6 +76,8 @@ public final class DeviceManagementConfig {
     private MetaDataConfiguration metaDataConfiguration;
     private EnrollmentGuideConfiguration enrollmentGuideConfiguration;
 
+    private DefaultPermissions defaultPermissions;
+
     @XmlElement(name = "ManagementRepository", required = true)
     public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
         return deviceManagementConfigRepository;
@@ -287,5 +290,14 @@ public final class DeviceManagementConfig {
     public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) {
         this.enrollmentGuideConfiguration = enrollmentGuideConfiguration;
     }
+
+    @XmlElement(name = "DefaultPermissions", required = true)
+    public DefaultPermissions getDefaultPermissions() {
+        return defaultPermissions;
+    }
+
+    public void setDefaultPermissions(DefaultPermissions defaultPermissions) {
+        this.defaultPermissions = defaultPermissions;
+    }
 }
 

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermission.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "DefaultPermission")
+public class DefaultPermission {
+
+    private String name;
+    private ScopeMapping scopeMapping;
+
+    @XmlElement(name = "Name", required = true)
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    @XmlElement(name = "MappedScopeDetails", required = true)
+    public ScopeMapping getScopeMapping() {
+        return scopeMapping;
+    }
+
+    public void setScopeMapping(ScopeMapping scopeMapping) {
+        this.scopeMapping = scopeMapping;
+    }
+}

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/DefaultPermissions.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import java.util.List;
+
+@XmlRootElement(name = "DefaultPermissions")
+public class DefaultPermissions {
+
+    private List<DefaultPermission> defaultPermissions;
+
+    @XmlElement(name = "DefaultPermission", required = true)
+    public List<DefaultPermission> getDefaultPermissions() {
+        return defaultPermissions;
+    }
+
+    public void setDefaultPermissions(List<DefaultPermission> defaultPermissions) {
+        this.defaultPermissions = defaultPermissions;
+    }
+}

components/device-mgt/io.entgra.device.mgt.core.device.mgt.core/src/main/java/io/entgra/device/mgt/core/device/mgt/core/config/permission/ScopeMapping.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.entgra.device.mgt.core.device.mgt.core.config.permission;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement(name = "MappedScopeDetails")
+public class ScopeMapping {
+
+    private String name;
+    private String key;
+
+    private String defaultRoles;
+
+    @XmlElement(name = "Name", required = true)
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    @XmlElement(name = "Key", required = true)
+    public String getKey() {
+        return key;
+    }
+
+    public void setKey(String key) {
+        this.key = key;
+    }
+
+    @XmlElement(name = "DefaultRoles", required = true)
+    public String getDefaultRoles() {
+        return defaultRoles;
+    }
+
+    public void setDefaultRoles(String defaultRoles) {
+        this.defaultRoles = defaultRoles;
+    }
+}

features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf/cdm-config.xml

@@ -211,5 +211,87 @@
         <Enable>false</Enable>
         <Mail>Replace with mail</Mail>
     </EnrollmentGuideConfiguration>
+    <DefaultPermissions>
+        <DefaultPermission>
+            <Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
+            <MappedScopeDetails>
+                <Name>Apply permitted actions on any device</Name>
+                <Key>dm:devices:any:permitted</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/device-mgt/device/api/subscribe</Name>
+            <MappedScopeDetails>
+                <Name>Subscribe APIs</Name>
+                <Key>dm:device:api:subscribe</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
+            <MappedScopeDetails>
+                <Name>Approve Applications</Name>
+                <Key>am:admin:lc:app:approve</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
+            <MappedScopeDetails>
+                <Name>Create Applications</Name>
+                <Key>am:admin:lc:app:create</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
+            <MappedScopeDetails>
+                <Name>Reject Applications</Name>
+                <Key>am:admin:lc:app:reject</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
+            <MappedScopeDetails>
+                <Name>Block Applications</Name>
+                <Key>am:admin:lc:app:block</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
+            <MappedScopeDetails>
+                <Name>Review Applications</Name>
+                <Key>am:admin:lc:app:review</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
+            <MappedScopeDetails>
+                <Name>Retire Applications</Name>
+                <Key>am:admin:lc:app:retire</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
+            <MappedScopeDetails>
+                <Name>Deprecate Application</Name>
+                <Key>am:admin:lc:app:deprecate</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+        <DefaultPermission>
+            <Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
+            <MappedScopeDetails>
+                <Name>Publish Applications</Name>
+                <Key>am:admin:lc:app:publish</Key>
+                <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+            </MappedScopeDetails>
+        </DefaultPermission>
+    </DefaultPermissions>
 </DeviceMgtConfiguration>
 

features/device-mgt/io.entgra.device.mgt.core.device.mgt.basics.feature/src/main/resources/conf_templates/templates/repository/conf/cdm-config.xml.j2

@@ -383,5 +383,87 @@
             <Mail>Replace with mail</Mail>
             {% endif %}
     </EnrollmentGuideConfiguration>
+    <DefaultPermissions>
+            <DefaultPermission>
+                <Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
+                <MappedScopeDetails>
+                    <Name>Apply permitted actions on any device</Name>
+                    <Key>dm:devices:any:permitted</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/device-mgt/device/api/subscribe</Name>
+                <MappedScopeDetails>
+                    <Name>Subscribe APIs</Name>
+                    <Key>dm:device:api:subscribe</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
+                <MappedScopeDetails>
+                    <Name>Approve Applications</Name>
+                    <Key>am:admin:lc:app:approve</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
+                <MappedScopeDetails>
+                    <Name>Create Applications</Name>
+                    <Key>am:admin:lc:app:create</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
+                <MappedScopeDetails>
+                    <Name>Reject Applications</Name>
+                    <Key>am:admin:lc:app:reject</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
+                <MappedScopeDetails>
+                    <Name>Block Applications</Name>
+                    <Key>am:admin:lc:app:block</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
+                <MappedScopeDetails>
+                    <Name>Review Applications</Name>
+                    <Key>am:admin:lc:app:review</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
+                <MappedScopeDetails>
+                    <Name>Retire Applications</Name>
+                    <Key>am:admin:lc:app:retire</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
+                <MappedScopeDetails>
+                    <Name>Deprecate Application</Name>
+                    <Key>am:admin:lc:app:deprecate</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+            <DefaultPermission>
+                <Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
+                <MappedScopeDetails>
+                    <Name>Publish Applications</Name>
+                    <Key>am:admin:lc:app:publish</Key>
+                    <DefaultRoles>Internal/devicemgt-user</DefaultRoles>
+                </MappedScopeDetails>
+            </DefaultPermission>
+        </DefaultPermissions>
 </DeviceMgtConfiguration>