RoleConf

RoleConf determines which users have which roles in Salem. Users can be assigned one or more roles, and the assignment is based on the entries in RoleConf.

id: the unique id assigned to a RoleConf
disabled: a soft-delete flag that marks the conf as not active if set to 0
type: direct
user: the unique identifier provided by the identity provider. Salem matches this value against the one provided by the identity provider to assign roles.
roles: the list of roles to be assigned to the user once the identity (user) matches.

{
    "id": "example",
    "disabled": 0,
    "type": "direct",
    "user": "[email protected]",
    "roles": [ "salem.analyst", "salem.admin" ]
}

Besides the ability to configure roles on a per-user basis, a default RoleConf is provided out of the box. The roles defined in the default RoleConf are applied to all authenticated users, even if the 'user' value may not match. A new RoleConf entry must be created for each user who is authorized to use Salem.

Note: By default, Azure AD uses the "User and Groups" as defined in MS Entra ID. If you want Salem to use RoleConf to assign roles, userRoleConfAzureAD must be set to true in the application environment.
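An added example, not Salem's own code: a lint over a list of RoleConf entries that flags a default RoleConf handing salem.admin to every authenticated user, several entries for the same user, and malformed fields. The id "default", the "*" user value, the example.test addresses and exact, case-sensitive matching of `user` are assumptions; `disabled` is only type-checked, not interpreted.

```python
import json

# Constructed sample data. The id "default" for the out-of-the-box entry, its
# "user" value "*" and the example.test addresses are assumptions.
SAMPLE = json.loads("""
[
  {"id": "default", "disabled": 0, "type": "direct", "user": "*",
   "roles": ["salem.analyst", "salem.admin"]},
  {"id": "alice", "disabled": 0, "type": "direct", "user": "alice@example.test",
   "roles": ["salem.analyst"]},
  {"id": "alice-2", "disabled": 0, "type": "direct", "user": "Alice@example.test ",
   "roles": ["salem.admin"]},
  {"id": "bob", "disabled": 0, "type": "group", "user": "bob@example.test",
   "roles": "salem.analyst"}
]
""")

FIELDS = {"id": str, "disabled": int, "type": str, "user": str, "roles": list}


def audit(confs, default_id="default", sensitive=("salem.admin",)):
    """Return (entry id, finding) pairs for a list of RoleConf dicts."""
    findings, seen = [], {}
    for c in confs:
        cid = c.get("id", "<no id>")
        bad = [k for k, t in FIELDS.items() if not isinstance(c.get(k), t)]
        if bad:
            findings.append((cid, "missing or mistyped: " + ", ".join(bad)))
            continue
        if c["type"] != "direct":  # the only type the page documents
            findings.append((cid, "undocumented type " + repr(c["type"])))
        if cid == default_id:
            # Default roles reach every authenticated user, so keep them minimal.
            for r in sorted(set(c["roles"]) & set(sensitive)):
                findings.append((cid, "default grants " + r + " to all users"))
            continue
        # Assumption: Salem compares "user" exactly, so stray case/space matters.
        key = c["user"].strip().lower()
        if key != c["user"]:
            findings.append((cid, "user has whitespace or uppercase; may not match"))
        if key in seen:
            findings.append((cid, "same user as entry " + seen[key]))
        seen.setdefault(key, cid)
    return findings


if __name__ == "__main__":
    for cid, msg in audit(SAMPLE):
        print(cid + ": " + msg)
```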
