v1Changelog

Users, Roles & Modules (RBAC)

Role-based access control: modules define available actions, roles bundle those actions, and users are assigned roles.

How RBAC fits together

Module ──▶ Sub-module ──▶ Action        (the catalog of what's possible)
                 ▲
                 │ referenced by actionId
                 │
Role  ──▶ [ module actions ]            (a named bundle of permissions)
                 ▲
                 │ roleId / roleName
                 │
User  ──▶ Role                          (who gets the bundle)

1. Modules (the permission catalog)

Modules describe the features, sub-modules and actions that roles can grant.

POST /v1/onboarding/module-data
Authorization: Bearer <JWT_TOKEN>

{
  "moduleType": "Module Access",
  "createdBy": "admin_user",
  "modules": [
    {
      "moduleName": "Banking",
      "subModules": [
        { "subModuleName": "Dashboard", "action": ["VIEW"] }
      ]
    }
  ]
}
OperationEndpoint
List modulesGET /v1/onboarding/module-data/listModules
List module-dataPOST /v1/onboarding/module-data/list
UpdatePATCH /v1/onboarding/module-data (send id)
Enable / disablePATCH /v1/onboarding/module-data/{id}/activation?isActive=false

2. Roles (bundles of permissions)

A role references module actions by their actionId (UUIDs from the module catalog).

POST /v1/onboarding/roles
Authorization: Bearer <JWT_TOKEN>

{
  "roleName": "Operations",
  "modules": [
    { "moduleId": "1", "actionId": ["90c74423-ddd8-42b0-9234-e3ac92df1b25"] }
  ],
  "createdBy": "adminUser",
  "description": "Operations team role",
  "isEnabled": true
}
OperationEndpoint
List (paged)POST /v1/onboarding/roles/list?page=1&size=5
Get by idGET /v1/onboarding/roles/{id}
Id + name listGET /v1/onboarding/roles/role-list (optional ?tenantCode=EDGEONE)
UpdatePATCH /v1/onboarding/roles (send id + modifiedBy)
Enable / disablePATCH /v1/onboarding/roles/{id}/activation?isActive=true
📘 Note

On update, the modules array may omit moduleId and supply only actionId, depending on how the role's permissions are being adjusted. Confirm the exact merge semantics with the platform team — marked To be confirmed.

3. Users (assigned a role)

POST /v1/onboarding/users
Authorization: Bearer <JWT_TOKEN>

{
  "firstName": "Jane",
  "lastName": "Doe",
  "mailID": "jane.doe@example.com",
  "isActive": true,
  "roleId": "8d03710e-2b79-4e78-9905-44520224d956",
  "roleName": "admin",
  "mfaEnable": true
}
FieldTypeDescription
firstName / lastNamestringUser's name.
mailIDstring (email)User's email address / login id.
isActivebooleanActive on creation.
roleIdstring (UUID)Assigned role id.
roleNamestringAssigned role name (must correspond to roleId).
mfaEnablebooleanWhether MFA is required for this user.
OperationEndpoint
List (paged)POST /v1/onboarding/users/list?page=1&size=10
Get by idGET /v1/onboarding/users/{id}
UpdatePATCH /v1/onboarding/users (send id)
Enable / disablePATCH /v1/onboarding/users/{id}/activation?isActive=false
Set / reset passwordPATCH /v1/onboarding/users/password (encrypted fields)
💡 Tip

Create the module catalog and roles before creating users, so each user can be assigned a valid roleId at creation time.