How BillingCenter determines producer code access for resources

When using the producer code access strategy, callers are only able to access resources with an appropriate business relationship to the producer codes they provide.

In the data model, there may be a direct relationship between the producer code and the target entity. For example, the Producer entity has an array of ProducerCodes. If a caller has at least one of these producer codes in the JWT, BillingCenter grants restricted access to the producer.

More commonly, there is not a direct relationship between the producer code and the target entities in the data model. BillingCenter must often determine if there is a transitive relationship to the resource using intermediate entities.

For example, there is not a direct relationship between producer codes and invoices in the data model. When a caller using the producer codes access strategy queries for invoices, BillingCenter uses the following logic to get the invoices the caller can access:

  • BillingCenter gets the active policy commissions associated with the caller's producer codes.
  • BillingCenter gets the active item commissions on those policy commissions.
  • BillingCenter gets the invoice items on those item commissions.
  • BillingCenter gets the invoices with those invoice items on them. The caller can access these invoices.

In many cases, this relationship depends on whether or not the resource is related to an active item commission or an active policy commission.

Note: Policy commissions are entities that capture information about the commission that a producer code earns on a policy period. For a policy commission to be active, it means that the producer code is active in its role (such as the primary role) on the policy period. In the data model, this is indicated by DefaultForPolicy being set to true on the policy commission.

Item commissions are entities that capture information that a producer code earns on a specific invoice item. For an item commission to be active, it means that the producer code is currently active in its role on the item. In the data model, this is indicated by Active being set to true on the item commission.

Producer code combinations and roles

A producer often has multiple producer codes. A caller can be authorized with one or more of these producer codes. In some cases, access is restricted based on whether the caller has at least one producer code associated with a resource or all producer codes associated with the resource. For example, if a caller has all of the producer codes on the producer, the caller is granted full access to that producer. If a caller has some (but not all) producer codes on a producer, they can access a restricted view of the producer.

Some resource access varies depending on the role of the producer code. In the base configuration, the only role that affects resource access is the primary role. For example, if a caller provides a producer code which earns commission in the primary role for an invoice item, that caller gets full access to that invoice item. For callers with producer codes that earn commission in non-primary roles on an invoice item, restricted access to the invoice item is granted.

Some resource access is granted purely based on whether the provided producer codes match any producer codes in the BillingCenter database. For example, callers can access all payment plans in BillingCenter if they provide a single valid producer code.

Producer code restricted resource access

If a caller using the producer codes strategy can access a resource, they can either be granted full access, or they can be granted restricted access, where the fields on the resource are limited.

Filtering field access is controlled with the producercoderestricted.accessiblefields.yaml file. For information about this file, see The accessiblefields.yaml files.