Definitions:
Product:
A product is an intangible software item created to meet consumer needs or wants. It includes attributes such as quality, features, branding, and packaging. Products can have multiple applications (e.g., iOS, Android, Web). They are configured at the root level and support multi-tenancy, allowing for dynamic customization per tenant. While tenant admins and product owners can configure parts of the product and its plugins, only platform admins can trigger a product build, ensuring a unified build across all tenants. Example: HealthNavigator
Application:
A product can be available on various supported platforms, known as applications, such as mobile applications (for iOS and Android), web applications, and desktop applications. Each type of application caters to different platforms and user environments. For example, there could be a development iOS application for HealthNavigator, where HealthNavigator is the product.
Plugin:
A plugin is defined as a modular software component that focuses on a specific technical or functional feature. For example, a document upload feature. A plugin comprises the screen functionality and data transactions for a particular feature. There are two types of plugins in this context: Workflow plugins, which do not require native development effort but rely on a low-code development approach supported by BPMN workflows; and Development plugins, which necessitate development effort to create custom screen flows and business functionality.
SDK:
A Software Development Kit (SDK) is a set of tools, libraries, documentation, and code samples for developing applications on specific platforms or frameworks. SDKs streamline development by providing resources to build, test, and deploy software efficiently. In our case, SDKs are used in Front-end applications to create plugins and integrate features with a unified feel. They include UI components, screens libraries, common modules, interfaces, and a workflow-based rendering engine.
Role definition:
Possible Roles:
Super Admin (Platform-Wide):
Has the highest level of access across the entire platform. Can manage all aspects of the platform, including tenant configurations, application settings, Responsible for overseeing the platform's overall health, security, and compliance. Permission to trigger new builds.
Platform Admins (Platform-Wide, Customer-Oriented):
Manages applications across the platform but operates within the scope defined by the customer of the platform. Can configure application settings. and oversee application-level user access. Permission to trigger new builds.
Tenant Admins:
Responsible for configuring their specific tenant within the platform, Oversees the tenant's environment settings and ensures compliance with the platform's policies.
Product Owners:
Owns one or more products within the platform. Responsible for the strategic direction and management of the product(s).Can make decisions regarding product features, roadmap, and access controls. Can trigger builds for the product
Plugin Owners:
Owns one or more plugins within the platform. Manages the lifecycle of the plugin(s), including development, updates, and user access. Collaborates with product owners and application admins to integrate plugins into the platform.
Product Readers:
Has read-only access to product information. Can view product configurations, documentation, and reports but cannot make changes.
Plugin Readers:
Has read-only access to plugin information. Can view plugin configurations, documentation, and usage data but cannot make changes.
Application Viewers:
Has view-only access to application settings and data. Can monitor application performance and usage but cannot modify settings or manage users.
Testers:
Responsible for testing applications, products, and plugins within the platform. Can access various environments for testing purposes and report issues or bugs.
DevOps Admins:
Manages the platform's infrastructure, deployment pipelines, and operational aspects. Works closely with developers, testers, and product teams to ensure smooth CI/CD processes and system reliability Administration of these users:
User role administration will be managed via a Keycloak instance. Users will be redirected to a Keycloak login screen when initiating events that require authentication. A user ID and password are needed for login, after which an access token defining their permissions is granted. This token enables users to perform necessary actions based on their assigned permissions. The Admin API server will also be secured with Keycloak, and access token validation will be conducted.
Roles should be designed to build on each other, with Super Admin being the highest role (full access to all functions) and Plugin Owner being the role with the fewest permissions.