OAuth Project & Client Permission Management
Overview
The OAuth Project & Client Permission module controls which roles can access, configure, and manage OAuth projects and client credentials within the system. Permissions are managed under System Configuration > User Roles Permission > All Permission, filtered under the Developer permission tab.
Permission Levels
Default Access
There are two default permission tiers applied across all user roles:
| Role Type | Developer Configuration Access | View Other Projects | Manage Own Project | Manage Other Projects |
|---|---|---|---|---|
| Superadmin | Full access (default) | ✅ | ✅ | ✅ |
| Standard User | ❌ (unless granted) | ✅ (view only) | ✅ | ❌ (unless granted) |
Available Permission Flags
The following permission flags are available under the Developer tab:
| Permission Flag | Description | Default State | Who Can Enable |
|---|---|---|---|
| Allow to access developer configuration | Grants access to developer-level system settings (portal.xilnex.com/Developer) | Disabled for non-superadmin account | Must be explicitly enabled by Superadmin |
| Allow to manage all OAuth Projects | Grants ability to create, edit, and delete OAuth projects and client credentials beyond the user's own | Standard users manage own projects only | Must be explicitly enabled by Superadmin |
Permission Matrix by Use Case
| Use Case | Required Permission Flag |
|---|---|
| User needs to view their own and others' OAuth projects | Default (no change needed) |
| User needs to configure developer settings | Allow to access developer configuration |
| User needs to manage (edit/delete) other users' projects | Allow to manage all OAuth Projects |
| Full control (equivalent to Superadmin) | Both flags enabled |
Granting Elevated Permissions
To grant a role elevated OAuth access:
- Navigate to System Configuration > User Roles Permission > All Permission.
  https://portal.xilnex.com/SystemConfiguration/UserRolesPermission/AllPermission
- Select the Developer tab from the More dropdown in the top navigation.
- Locate the permission row: Allow to access developer configuration or Allow to manage all OAuth Projects.
- Check the checkbox under the target role column to enable the permission.
- Done.
Granting Access to Third-Party Developers
If your organization engages an external or third-party developer, use this permission configuration to provide scoped, least-privilege access to the portal.
- Create a new user account for the third-party developer under System Configuration > User Management > User List.
  https://portal.xilnex.com/SystemConfiguration/UserManagement/UserList
- Assign the account a dedicated role (e.g., Developer - External) to distinguish it from internal users. Avoid reusing existing role profiles.
- Navigate to System Configuration > User Roles Permission > All Permission and select the Developer tab.
  https://portal.xilnex.com/SystemConfiguration/UserRolesPermission/AllPermission
- Disable all permissions for the assigned role by unchecking all flags across the permission matrix.
Enable only the following flag:
| Permission Flag | Action | Rationale |
|---|---|---|
| Allow to access developer configuration | ✅ Enable | Grants the third-party developer access to OAuth and developer settings scoped to their own projects only |
| Allow to manage all OAuth Projects | ❌ Leave disabled (default) | Prevents the external developer from modifying or deleting projects and clients that belong to other users |
If the third-party developer is explicitly required to manage other projects or clients, additionally enable:
| Permission Flag | Action |
|---|---|
| Allow to manage all OAuth Projects | ✅ Enable with documented approval |
Security Advisory: Enabling Allow to manage all OAuth Projects for an external party grants them write and delete access to all OAuth clients in the system. This should only be approved with a formal access request and reviewed periodically. Revoke access immediately upon project completion.