Control what custom portal functionality is visible according to user permissions

Service providers can offer their business customers several portals from Add-on Mart – for example, the Cloud PBX self-care portal – along with portals developed in-house or by a third party. Different access levels for these portals are required: for example, a business customer might give their PBX administrator full access to just the PBX configuration and their operations manager full access to just the financial information. It is important to control access to the functionality of these portals using the same set of role-based permissions. Otherwise, a user prohibited from doing some operation on the “default” portal may find a loophole to do this via an alternative portal.

With this release, service providers can have unified control over what functionality portal users can see or use on these portals right from the PortaBilling web interface. Simply upload/add manually the portal structure to PortaBilling and add portal view permissions.

• Service providers can develop in-house portals and control what portal functionality is available to a customer’s users according to role-based permissions.

Let’s say, ABC company has two self-care portals: the Cloud PBX portal and the IoT portal. ABC wants to control access to portal functionality for the following employees:

• John, an IT support team lead – has full access to just the PBX configuration of the Cloud PBX portal, financial information is forbidden; and full access to the IoT portal.
• Mark, junior IT support engineer – has full access to just the PBX configuration of the Cloud PBX portal, financial information is forbidden; and has no access to the IoT portal.
• Adam, an operations manager – has full access to just the financial information of the Cloud PBX portal; PBX configuration is forbidden.

To configure what functionality portal users can see or use, the administrator needs to perform the following steps:

1. Contact our support team to receive the sample file of the portal structure. Create your files for portals in the JSON format.
2. Add/Upload the self-care portal structure for Cloud PBX and IoT portals.
   1. Open My company > Access control > Portal structures > add/upload new portal structure.
   2. Click the portal name to see the portal structure. You can add/edit/delete portal pages manually anytime.
   3. Similarly, add the structure for the IoT portal.
3. Create needed roles for access to the customer self-care portal.
   1. Open My company > Access control > Roles.
   2. Create roles “IT support team lead” and “Operations manager” with the Customer self-care role type.
4. Configure data access permissions for the created roles:
   1. Open a role, e.g., “IT support team lead.”
   2. Go to Permissions tab.
   3. Set the permissions. Since potentially any data can be used in a portal structure, it is advisable to grant the “Modify” permission to all components/objects to avoid conflicts with the portal view permissions (configured at step 5).
      If you provide not only access to the portal, but also the API service, granting “Modify” permissions to all components/objects poses a potential security risk, as data may be exposed via the API by users with this role. In such a case, you need to configure permissions (“Restrict,” “Read,” or “Modify”) in a way that prevents exposing sensitive information via API.

       

      

5. Configure what functionality the user with the “IT support team lead” role can see and manage for each portal.
   1. Open IT support team lead role > External portals > click Add.
   2. Specify the URL and select a structure for the Cloud PBX portal.
   3. Select Forbidden access for Billing functionality > Save.
   4. Specify the URL and select a structure for the IoT portal as mentioned above.
6. Create “Junior IT support engineer” role by cloning the “IT support team lead” role and changing the permissions. Cloning helps to create a new role faster, since “Junior IT support engineer” has almost the same permissions.
   1. Open IT support team lead role > click Clone.
   2. Specify a name for a new role, e.g., Junior IT support engineer.
   3. Change view configuration name for Cloud PBX portal.
   4. Turn off the Portal structure toggle switch for IoT portal > Save. Now Junior IT support engineer has access only to Cloud PBX portal.
7. Configure what functionality the user with the “Operations manager” role can see and manage for each portal.
   1. Open Operations manager role > External portals > click Add.
   2. Specify the URL and select a structure for the Cloud PBX portal.
   3. Select Forbidden access for all functionality except My company (includes Billing) > Save.