UMS must provide a secure, configurable, and auditable mechanism for managing system-wide and tenant-specific parameters. Internal platform administrators can manage global parameters and tenant-specific parameters through the internal UMS management scope, while tenant administrators can only manage parameters within their own tenant scope when the tenant is responsible for managing itself. All parameter changes must be tracked for compliance and debugging.
| Actor | Responsibility |
|---|---|
| Internal Platform Administrator | Manages global system parameters and tenant-specific parameters for any tenant through the internal portal scope. |
| Tenant Administrator | Manages parameters within their own tenant scope only when the tenant is allowed to manage its own UMS scope. Cannot access global configurations or other tenants’ configurations. |
| System | Consumes configured parameters to determine behavior, rules, limits, and permissions. |
CAN_MANAGE_GLOBAL_CONFIGURATION permission (for global config) or CAN_MANAGE_TENANT_CONFIGURATION permission (for tenant-specific config).Tenant.IsManagementOwner=true.OrganizationId matches the target tenant for tenant-specific operations.CAN_MANAGE_GLOBAL_CONFIGURATION.Scope = Global).OrganizationId == targetTenantId and that the tenant is allowed to manage its own scope.Scope = Tenant and TenantId = targetTenant.If a tenant administrator attempts to access global configuration, UMS returns a 403 error with message “Global configuration is only accessible through the internal management scope.”
If a tenant administrator attempts to access another tenant’s configuration, UMS returns a 403 error with message “You do not have permission to access this tenant’s configuration.”
If the administrator requests a non-existent parameter, UMS returns a 404 error.
If two administrators modify the same parameter simultaneously, UMS returns a 409 Conflict error with ETag mismatch information.
Parameters can only be modified when in Draft status. Published parameters require creating a new Draft version.
If an internal admin tries to create a Tenant-scoped parameter without specifying TenantId, UMS returns a validation error.
TenantId, no SystemSuiteId, and no ModuleId are Global. Only internal portal administrators can manage them.TenantId are tenant-specific. Both internal and tenant admins can manage them when the tenant is marked as a management owner (admins limited to their tenant).IsInheritable=true, child configurations can override the parameter.IsEncrypted=true, the value is stored encrypted and decrypted only when consumed.Major.Minor.Patch). Updates to Draft bump the minor version.In all AppConfiguration endpoints, add ITenantContext injection and verify:
// For global configs
if (scope == "Global" && !hasInternalPortalScope)
return Results.Forbid();
// For tenant configs
if (targetTenantId != organizationId && !hasInternalPortalScope)
return Results.Forbid();
| Method | Endpoint | Description | Authorization |
|---|---|---|---|
| GET | /app-configurations |
List configurations (filtered by scope and user permissions) | Based on scope |
| GET | /app-configurations/{id} |
Get single configuration | Based on scope and ownership |
| POST | /app-configurations |
Create new configuration | Internal admin or tenant admin for own tenant management scope |
| PUT | /app-configurations/{id} |
Update draft configuration | Same as create |
| POST | /app-configurations/{id}/publish |
Publish configuration | Same as create |
| POST | /app-configurations/{id}/archive |
Archive configuration | Same as create |
| Parameter | Behavior |
|---|---|
scope=Global |
Only internal portal administrators can query; returns all global configs |
scope=Tenant&tenantId={id} |
Internal portal administrators get all tenant configs; tenant admins get only their tenant when allowed |
| No scope filter | Returns configs based on user’s permissions |
| Current Hardcode | Parameter Code | Default Value |
|---|---|---|
ACCESS_TOKEN_DURATION (frontend) |
ACCESS_TOKEN_DURATION_MS |
3600000 (1 hour) |
REFRESH_TOKEN_DURATION (frontend) |
REFRESH_TOKEN_DURATION_MS |
604800000 (7 days) |
MIN_PASSWORD_LENGTH |
MIN_PASSWORD_LENGTH |
12 |
MAX_VALIDITY_PERIOD_DAYS |
MAX_VALIDITY_PERIOD_DAYS |
365 |
| Event | Fields |
|---|---|
APP_CONFIG_CREATED |
adminUserId, configId, code, scope, timestamp |
APP_CONFIG_UPDATED |
adminUserId, configId, code, oldVersion, newVersion, timestamp |
APP_CONFIG_PUBLISHED |
adminUserId, configId, code, version, timestamp |
APP_CONFIG_ARCHIVED |
adminUserId, configId, code, version, timestamp |
| Flag | Description | Default |
|---|---|---|
ALLOW_GLOBAL_CONFIG_MANAGEMENT |
Enable global configuration management | true |
ALLOW_TENANT_CONFIG_MANAGEMENT |
Enable tenant-specific configuration management | true |
AppConfiguration, AuditRecorddocs/domain/identity/tenant.md section 10 - add parameter management rules