Add VIEW_IDP to Business Admin Role

[MaximilianHauer]

Description

Currently the Business Admin does have roles to create/add users but during this process the role VIEW_IDP is needed as the frontend is checking if the company is currently undergoing a transition between two idp.
if this is the case the user creation would be blocked.
to enable the business admin to proceed the process we would need to add the role view_idp .

Acceptance Criteria

• Business Admin does have VIEW_IDP

Additional Information

[typecastcloud]

Hi @Phil91 @MaximilianHauer,
I was just wondering if Business Admin is supposed to be able to add/remove app user for subscribed apps. I think they need modify_user_account and view_client_roles for that.

[MaximilianHauer]

@typecastcloud there is no logic to add users for certain apps/services as soon as the app is subscribed via the "subscribe_apps" role the whole company can access it

[typecastcloud]

@typecastcloud there is no logic to add users for certain apps/services as soon as the app is subscribed via the "subscribe_apps" role the whole company can access it

You are mistaken.

User Management -> Access Management -> Select subscribed app (here GET api/administration/user/owncompany/roles/apps endpoint is called. Requiring view_client_roles) -> Add role -> Search and Select Users -> Confirm -> Add Roles -> Confirm Selected Roles (here PUT api/administration/user/owncompany/users/{id}/apps/{id}/roles is called. Requiring modify_user_account)

I was just wondering if the Business Admin should be able to do this.

[MaximilianHauer]

based on last discussions userstory was adjusted

[Phil91]

based on last discussions userstory was adjusted

PR was already updated as well.

[MaximilianHauer]

waiting for resetting of INT env until it should be tested .