Broadleaf Microservices

Admin User Release Notes for 2.2.1-GA

Tip
The 2.x versions are Spring Boot 3 compatible.

Requirements

  • JDK 17 is required for Broadleaf release trains 2.0.0-GA and beyond.

New Features & Notable Changes

Created a separate permission to allow admins to modify their own preferences

Introduced a separate ALL_ADMIN_USER_PROFILE permission and ADMIN_USER_PROFILE security scope. Previously, the general ADMIN_USER scope gated whether an admin user could modify their own preferences, but that scope also grants access to view and manage other admin users. The ALL_ADMIN_USER_PROFILE permission has also been added to all roles out of the box for users of the Broadleaf Initializr. The previous ADMIN_USER scope still grants access to the user preference endpoint(s) as before, but the new permission allows finer-grained access control.

SQL Inserts for New Permission and Scope with Out-of-Box Role Mappings
INSERT INTO auth.blc_security_scope (id, name, open) VALUES ('-10009', 'ADMIN_USER_PROFILE', 'N');
INSERT INTO auth.blc_permission_scope (id, permission, is_permission_root, scope_id) VALUES ('-10009', 'ADMIN_USER_PROFILE', 'Y', '-10009');
INSERT INTO auth.blc_user_permission (id, archived, last_updated, name, is_account_perm, user_assignable) VALUES ('-10011', 'N', '2025-05-21 12:53:58.413970', 'ALL_ADMIN_USER_PROFILE', 'N', 'Y');
INSERT INTO auth.blc_user_permission (id, archived, last_updated, name, is_account_perm, user_assignable) VALUES ('-10012', 'N', '2025-05-21 12:53:58.413970', 'READ_ADMIN_USER_PROFILE', 'N', 'Y');
-- map to existing admin roles --
-- PARTIAL_ACCESS
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-1', '-10012');
-- FULL_ACCESS
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-2', '-10011');
-- APPLICATION_ACCESS
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-7', '-10011');
-- ROLE_MARKETPLACE_OPERATOR
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-200', '-10011');
-- ROLE_VENDOR_ADMIN
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-201', '-10011');
-- ROLE_VENDOR_MERCHANDISER
INSERT INTO auth.blc_role_permission_xref (role_id, permission_id) VALUES ('-202', '-10011');
-- openapi
INSERT INTO auth.blc_client_scopes (id, scope) VALUES ('openapi', 'ADMIN_USER_PROFILE');
INSERT INTO auth.blc_client_permissions (id, permission) VALUES ('openapi', 'ALL_ADMIN_USER_PROFILE');
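
A post-migration check, added here as an example and not part of the Broadleaf release notes: it lists, per role, whether the role holds the new profile permissions and whether it still holds a broad admin-user permission. It uses only the tables and columns shown in the inserts above; the assumption is that broad permissions follow the same PREFIX_SCOPE naming and therefore end in _ADMIN_USER.

```sql
-- Added example (not Broadleaf's own script).
-- Assumption: permissions on the general ADMIN_USER scope are named
-- <PREFIX>_ADMIN_USER, mirroring ALL_/READ_ADMIN_USER_PROFILE above.
-- 'Y' sorts after 'N', so MAX() yields 'Y' when any row for the role matches.
SELECT x.role_id,
       MAX(CASE WHEN p.name = 'ALL_ADMIN_USER_PROFILE'
                THEN 'Y' ELSE 'N' END) AS has_all_profile,
       MAX(CASE WHEN p.name = 'READ_ADMIN_USER_PROFILE'
                THEN 'Y' ELSE 'N' END) AS has_read_profile,
       -- '!' escapes the underscores so they match literally, which keeps
       -- ..._ADMIN_USER_PROFILE out of the broad column.
       MAX(CASE WHEN p.name LIKE '%!_ADMIN!_USER' ESCAPE '!'
                THEN 'Y' ELSE 'N' END) AS has_broad_admin_user
FROM auth.blc_role_permission_xref x
JOIN auth.blc_user_permission p
  ON p.id = x.permission_id
WHERE p.archived = 'N'
GROUP BY x.role_id
ORDER BY x.role_id;
```

With only the inserts above applied, role -1 should report has_read_profile = 'Y' and roles -2, -7, -200, -201 and -202 should report has_all_profile = 'Y'. Roles with has_broad_admin_user = 'Y' that only need self-service preference editing are the ones to review for narrowing to the profile permission.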