Configure HotelX Security

Granting Permissions

This topic describes how to configure permissions for a organization using HotelX and Stats.

Before you begin

  • Read IAM, which contains information about how TravelgateX manages security
  • Read HotelX, which contains information about the HotelX API

Scenario: Organization buying suppliers through HotelX

In this scenario, organanization org_test logs on to TravelgateX in order to use HotelX to buy product from suppliers.

Distribution will be made through 2 different channels, end users will use org_test_B2C_site whereas that org_test_B2B_site will be used for business users. Every channel will be configured separately.

Purchases will be made through accesses access_0 and access_1 which configure credentials for supplier_0 and supplier_1.

Once org_test integrates the HotelX API into their system and is certified, then they need to implement the role permission schema provided by TravelgateX to identify teams and members:

Team Members Description
CTO cto@org_test.com Manage all members and its permissions
Development dev1@org_test.com
dev2@org_test.com
Full access to HotelX and view stats
Operations operation1@org_test.com Only view stats
Backoffice backoffice1@org_test.com Permissions to Book, Cancel and Retrive Bookings through HotelX

A security implementation of this scenario will look similar to the following:

Group hiereachy
<b>Group hiereachy</b>
Organization
[Not supported by viewer]
org_test
[Not supported by viewer]
Folders
[Not supported by viewer]
purchase
[Not supported by viewer]
Products
[Not supported by viewer]
HotelX_0
[Not supported by viewer]
Stats_0
[Not supported by viewer]
Resources
[Not supported by viewer]
Clients
[Not supported by viewer]
org_test_B2C_site
[Not supported by viewer]
org_test_B2B_site
[Not supported by viewer]
Accesses
[Not supported by viewer]
access_0
[Not supported by viewer]
access_1
[Not supported by viewer]
Suppliers
[Not supported by viewer]
supplier_0
[Not supported by viewer]
supplier_1
[Not supported by viewer]
Clients
[Not supported by viewer]
org_test_B2C_site
[Not supported by viewer]
org_test_B2B_site
[Not supported by viewer]
org.owner
[Not supported by viewer]
cto@org_test.com
[Not supported by viewer]
hotelx.booking
[Not supported by viewer]
backoffice1@org_test.com
[Not supported by viewer]
stats.viewer
[Not supported by viewer]
operation1@org_test.com
[Not supported by viewer]
hotelx.owner, stats.owner
[Not supported by viewer]
dev1@org_test.com, dev2@org_test.com
<div style=“text-align: center”>dev1@org_test.com, dev2@org_test.com</div>

Group hierarchy is organized as:

  • 1 organization named org_test
  • 1 folder named purchase, which manages all products purchased by org_test:
    • HotelX to manage clients, suppliers and accesses
    • Stats to view statistics

The IAM policy manages these roles:

  • org.owner: All permissions over all organization resources
  • hotelx.owner: All permissions over all HotelX resources
  • hotelx.booking: Booking permissions (Book, Cancel and Get Bookings) for HotelX operations
  • stats.owner: All permissions for all Stats resources
  • stats.viewer: View permissions over Stats