OAuth Project & Client Permission Management

OAuth Project & Client Permission Management

Overview

The OAuth Project & Client Permission module controls which roles can access, configure, and manage OAuth projects and client credentials within the system. Permissions are managed under System Configuration > User Roles Permission > All Permission, filtered under the Developer permission tab.

Permission Levels

Default Acess
There are two default permission tiers applied across all user roles:
Role TypeDeveloper Configuration AccessView Other ProjectsManage Own ProjectManage Other Projects
SuperadminFull access (default)
Standard User❌ (unless granted)✅ (view only)❌ (unless granted)

Available Permission Flags
The following permission flags are available under the Developer tab:
Permission FlagDescriptionDefault StateWho Can Enable
Allow to access developer configurationGrants access to developer-level system settings (portal.xilnex.com/Developer)Disabled for non-superadmin accountMust be explicitly enabled by Superadmin
Allow to manage all OAuth ProjectsGrants ability to create, edit, and delete OAuth projects and client credentials beyond the user's ownStandard users manage own projects onlyMust be explicitly enabled by Superadmin

Permission Matrix by Use Case

Use CaseRequired Permission Flag
User needs to view their own and others' OAuth projectsDefault (no change needed)
User needs to configure developer settingsAllow to access developer configuration
User needs to manage (edit/delete) other users' projectsAllow to manage all OAuth Projects
Full control (equivalent to Superadmin)Both flags enabled

Granting Elevated Permissions

To grant a role elevated OAuth access:
  1. Navigate to System Configuration > User Roles Permission > All Permission.
    https://portal.xilnex.com/SystemConfiguration/UserRolesPermission/AllPermission
  2. Select the Developer tab from the More dropdown in the top navigation.

  3. Locate the permission row: Allow to access developer configuration or Allow to manage all OAuth Projects.
  4. Check the checkbox under the target role column to enable the permission.
  5. Done.

Granting Access to Third-Party Developers

If your organization engages an external or third-party developer, use this permission configuration to provide scoped, least-privilege access to the portal.
  1. Create a new user account for the third-party developer under System Configuration > User Management > User List.
    https://portal.xilnex.com/SystemConfiguration/UserManagement/UserList
  2. Assign the account a dedicated role (e.g., Developer - External) to distinguish it from internal users. Avoid reusing existing role profiles.
  3. Navigate to System Configuration > User Roles Permission > All Permission and select the Developer tab.
    https://portal.xilnex.com/SystemConfiguration/UserRolesPermission/AllPermission
  4. Disable all permissions for the assigned role by unchecking all flags across the permission matrix.
  5. Enable only the following flag:
    Permission FlagActionRationale
    Allow to access developer configuration✅ EnableGrants the third-party developer access to OAuth and developer settings scoped to their own projects only
    Allow to manage all OAuth Projects❌ Leave disabled (default)Prevents the external developer from modifying or deleting projects and clients that belong to other users
  6. If the third-party developer is explicitly required to manage other projects or clients, additionally enable:
    Permission FlagAction
    Allow to manage all OAuth Projects✅ Enable with documented approval
Warning
Security Advisory: Enabling Allow to manage all OAuth Projects for an external party grants them write and delete access to all OAuth clients in the system. This should only be approved with a formal access request and reviewed periodically. Revoke access immediately upon project completion.

    • Related Articles

    • Managing OAuth Client Credentials

      Overview Xilnex Auth implements the OAuth 2.0 protocol to govern service-to-service authorization. Client credentials serve as the authentication identity for backend services, enabling them to authorize, or be authorized by, other services within ...

    • Xilnex Auth Integration Guide

      Introduction Xilnex Auth implements OAuth 2.0, a widely adopted authorization framework that enables secure access to protected resources by issuing access tokens to client applications. This document provides a comprehensive guide on how to use ...

    • Recent Articles

    • OAuth Project & Client Permission Management

      Overview The OAuth Project & Client Permission module controls which roles can access, configure, and manage OAuth projects and client credentials within the system. Permissions are managed under System Configuration > User Roles Permission > All ...

    • Xilnex Auth Integration Guide

      Introduction Xilnex Auth implements OAuth 2.0, a widely adopted authorization framework that enables secure access to protected resources by issuing access tokens to client applications. This document provides a comprehensive guide on how to use ...

    • Managing OAuth Client Credentials

      Overview Xilnex Auth implements the OAuth 2.0 protocol to govern service-to-service authorization. Client credentials serve as the authentication identity for backend services, enabling them to authorize, or be authorized by, other services within ...

    • Downloading Store Sample CSV Template File in Xilnex Portal

      Overview The Download Store Sample CSV Template File feature in Store Management Import and Log allows staff to download a sample template, containing all necessary fields and proper format for importing data into the system. Preparing imported files ...

    • Importing Store Details in Xilnex Portal

      Overview The Import Store Details in Xilnex Portal is a function that allows users to import store data in bulk using CSV files. Users have the option to import the store details either With updating the existing records or Without updating the ...

    • Popular Articles

    • Basic - How to create a voucher-coupon

      Voucher and coupon definition Voucher can be generated in bulk and can be used once Coupon can only be created one at a time (reusable code) and can be use multiple times Pre-voucher / coupon setup There are 2 things need to be prepared before we can ...

    • Understanding DuitNow QR Payment in ClassicPOS

      Introduction This document introduces the DuitNow QR payment feature available in the Xilnex Retail POS, enabling merchants to accept payments conveniently through Malaysia's national QR payment standard. The integration of DuitNowQR simplifies the ...

    • Basic - How to change custom cost to another branch that don’t have custom cost

      Change custom cost to another branch that don’t have custom cost 1. Get the item list from the location with custom cost (Item Code, Name, Custom Cost) 2. Make sure the Show Location Price are selected 3. Export the item list in Excel 4. The file ...

    • Intermediate - How to Bill & Post to Sales from Transfer Note

      1.0 Purpose A bill is required from transfer note when an inventory transfer involves financial transactions, cost allocation, or compliance with tax and accounting regulations. It is used when stock is moved between outlets that operate as separate ...

    • Basic - How to enable E-Receipt Portal and QR Code Setup on Printing format in Xilnex

      Enable E-Receipt Portal Enable the E-receipt functionality Once Enabled, you will be getting the E-Receipt portal link Continue under Theme & Styling, enabled for the E-Invoice (LHDN) You can customize the look and feel of the E-Receipt portal ...