How the producerCodes strategy manages access

The producerCodes strategy is one of the access strategies that manages access to third-party data. The following topic describes the base configuration behavior of this strategy.

The producerCodes strategy determines which claims the user can access by looking for a cc_producerCodes claim in the JWT. This claim contains a list of producer codes that represent the producer. The user can access any claim where the claim's policy's producer of service is associated with one of the producer codes in the JWT.

Resources

This strategy controls access to third-party data for the following resource types:

  • Claim
  • ClaimContact
  • Incident
  • AssessmentContentItem
  • Exposure

The producerCodes strategy does not limit access to policies. This is because policy information is not considered third-party data from the viewpoint of a producer. If a producer has access to a policy, it is because they are managing the claim on behalf of the insured and are entitled to privileged access to the policy.

Internal "hasAccessOn<Resource>" methods

This strategy uses the following internal methods:

Each method returns true if the stated condition holds:

  • user.hasProducerAccessOnClaim: The producer code for the claim's policy's producer of service is one of the producer codes in the JWT.
  • user.hasProducerPrivilegedAccessOnClaimContact: The ClaimContact has at least one of the ClaimContact roles specified in ProducerAccessibleRoles.yaml.
  • user.hasProducerPrivilegedAccessOnIncident: The incident has an associated ClaimContact with at least one of the ClaimContact roles specified in ProducerAccessibleRoles.yaml.
  • user.hasProducerAccessOnExposure: The exposure's claimant also has one of the roles specified in ProducerAccessibleRoles.yaml.

ClaimContact role yaml files

This strategy uses the following files:

  • ProducerAccessibleRoles.yaml
Warning: Do not delete or rename the ProducerAccessibleRoles.yaml file itself. Doing so will cause the producerCodes resource access strategy to not behave as expected.

accessiblefields.yaml files

This strategy uses the following files:

  • restricted.accessiblefields.yaml

Behaviors for each resource type

Claim

  • Create claim: The user can create a claim provided that the producer code for the producer of service on the claim's policy is one of the producer codes on the JWT. They have privileged view and edit access.
  • View claim: The user can view any claim for which the producer code of service on the policy matches one of their JWT producer codes. They have privileged view.
  • Edit claim: The user can edit any claim for which the producer code of service on the policy matches one of their JWT producer codes. They have privileged edit.

ClaimContact

  • Create ClaimContact: The user can create ClaimContacts. They have privileged access for what they can set. If the contact they create has one of the producer accessible roles, then they'll have privileged view access. Otherwise, they have restricted access.
  • View and edit ClaimContact: The producer has a privileged view of any contact that has one of the producer accessible roles. They have a restricted view on contacts that do not have any of these roles. They can edit contacts that have any of the producer accessible roles. They cannot edit contacts that do not have any of these roles.

Incidents

  • Create incident: The user can create incidents. They have privileged access for what they can set. If the incident they create is attached to a contact with a producer accessible role, they will have a privileged view of the response. Otherwise, they will have a restricted view.
  • View and edit incident: If the incident is attached to a contact with a producer accessible role, the caller has a privileged view. Otherwise, they have a restricted view. They may edit incidents attached to a contact with any of the producer accessible roles. They may not edit incidents which are not attached to a contact with at least one producer accessible role.
  • Create child of incident: The user can create a child on any incident. They have a privileged view of the incident.
  • View child of incident: The user has a privileged view of every child of every incident.
  • Edit child of incident: The user has privileged edit access for every child of every incident.

Exposures

  • Create exposure: Producers cannot create exposures.
  • View exposure: The producer has a privileged view of all exposures where the claimant is a contact with at least one producer accessible role. They have a restricted view of all other exposures.
  • Edit exposure: Producers cannot edit exposures.

Service requests

  • Create service request: Producers cannot create service requests.
  • View service request: The producer has a privileged view of all service requests where the service request's customer is a contact with at least one producer accessible role. They have a restricted view of all other service requests. Service request access can also be limited by the types of services in the request. For more information, see Restricting access to service requests based on its services.
  • Edit service request: Producers cannot edit service requests.
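The view and edit rules above for Claim, ClaimContact, Incident and Exposure, modelled as an added example; this is not the product's own code. The function names, the Claim class and the role values are hypothetical. It assumes cc_producerCodes is a JSON array of strings in a JWT whose signature has already been verified, and that child resources are only reached through a claim the caller can access.

```python
from dataclasses import dataclass

# Constructed stand-in for the roles listed in ProducerAccessibleRoles.yaml.
PRODUCER_ACCESSIBLE_ROLES = frozenset({"insured", "reporter"})

@dataclass(frozen=True)
class Claim:
    producer_of_service_code: str  # producer code of service on the claim's policy

def producer_codes(jwt_payload):
    """Read cc_producerCodes from a verified JWT payload, failing closed."""
    # A bare string is rejected so `in` can never become a substring match.
    raw = jwt_payload.get("cc_producerCodes")
    if not isinstance(raw, list) or not all(isinstance(c, str) and c for c in raw):
        return frozenset()
    return frozenset(raw)

def has_producer_access_on_claim(jwt_payload, claim):
    return claim.producer_of_service_code in producer_codes(jwt_payload)

def has_accessible_role(roles):
    return bool(PRODUCER_ACCESSIBLE_ROLES.intersection(roles))

def view_level(jwt_payload, claim, resource, roles=()):
    """Return 'privileged', 'restricted' or 'denied'; roles belong to the contact or claimant."""
    if not has_producer_access_on_claim(jwt_payload, claim):
        return "denied"  # assumption: child resources are reached through the claim
    if resource == "Claim":
        return "privileged"
    if resource in ("ClaimContact", "Incident", "Exposure"):
        return "privileged" if has_accessible_role(roles) else "restricted"
    return "denied"  # unknown resource type: fail closed

def can_edit(jwt_payload, claim, resource, roles=()):
    """Return True only where the behaviors above allow an edit."""
    if not has_producer_access_on_claim(jwt_payload, claim):
        return False
    if resource == "Claim":
        return True
    # Exposures are never editable by producers; contacts and incidents need a role.
    return resource in ("ClaimContact", "Incident") and has_accessible_role(roles)
```

Rejecting a non-list claim matters because a comma-joined string such as "PC-200,PC-300" would otherwise match any producer code that happens to be a substring of it.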