ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Uplift to user access model for the registry #445

Closed WestpacOpenBanking closed 2 years ago

WestpacOpenBanking commented 2 years ago

Description

Currently, the registry defines a small number of roles which define permissions for access to and actions within the CDR Service Management portal. Example roles include Primary Business Contact, Primary IT Contact and Authorised CTS Tester. The current role definitions do not support participants in separating the assignment of responsibilities per brand listed under the register. It would be beneficial from a security and management point of view if permissions could be assigned so that users could only update details for specific brands. As a practical example, a data holder may wish to have a different team maintain registry data for their white-labelled brands. Similar considerations may also apply under some of the data sharing arrangements proposed under the version 3 rules; for example, a CDR representative may wish to maintain some of their data in the registry.

Area Affected

The registry portal, including maintenance of brand details, certificates, authentication details, endpoints, addresses, user lists, CTS testing, reporting and other functionality.

Change Proposed

Develop a more sophisticated access model for the registry portal. At a minimum this should allow some users to be only able to perform actions in relation to brands as specified by the primary contacts for an organisation.

CDR-API-Stream commented 2 years ago

@WestpacOpenBanking, thanks for your feedback.

This GitHub repository is specifically for raising change requests or issues concerning the Consumer Data Standards. For feedback or issues relating to the operation of the Consumer Data Right (e.g. queries involving the Participant Portal) please contact the ACCC via the CDR Service Management Portal or via the CDR Technical Operations Mailbox.