Permission microservice (BETA)

  • The Deploy’s Permission service—by default—runs (embedded) on the Deploy server.
  • You can also customize your Deploy installation or upgrade to have the Permission microservice installed on a separate server, if required. This feature is BETA in Deploy 10.3 and is not recommended for use in production setup.


  • The Operator-based installer for Deploy has no support to install the Permissions microservice on a standalone server. If you use the Operator-based installer to install Deploy, go through the Operator-based installation process to install Deploy first and follow the instructions here to install the Permissions microservice on a separate server.
  • There is no separate Docker image available for installing the Permissions microservice on a standalone server.

Run the Permission service as a standalone microservice (BETA)

Here’s how you can have the Permission service run as a standalone microservice.

Important: Make sure the server on which you run the Permission microservice complies with the system requirements stated for the Deploy application server including Java 11.

  1. Download the Permission microservice installation Zip file from the customer download site. For example, download
  2. Log on to the Permission server and extract the installation zip file to a preferred location. Once extracted, you would find the following folders: bin and lib.
  3. Create a new folder called config and create a new file——inside the newly created config folder with the following mandatory properties:

    Note: PostgreSQL values in the following YAML code snippet are used for illustrative purposes only. Use the right values for the database you use.


    Here’s the full list of configurable properties available for the Permission microservice:

    Property (with default value, if any) Mandatory/Optional
    xl.permission-service.database.connection-timeout=30 seconds Optional
    xl.permission-service.database.db-driver-classname= Mandatory
    xl.permission-service.database.db-password= Mandatory
    xl.permission-service.database.db-url= Mandatory
    xl.permission-service.database.db-username= Mandatory
    xl.permission-service.database.idle-timeout=10 minutes Optional
    xl.permission-service.database.leak-detection-threshold=2 minutes Optional
    xl.permission-service.database.max-life-time=30 minutes Optional
    xl.permission-service.database.max-pool-size=10 Optional
    xl.permission-service.database.minimum-idle=10 Optional
    xl.permission-service.database.db-schema-name= Optional
  4. Run the following script to start the Permission service.

    Linux: ./bin/deploy-permission-service Windows: .\bin\deploy-permissions-service

    Make sure the Permission microservice has been successfully started.

  5. Log on to the Deploy application server.
  6. Open the deployit.conf file and add the following two properties to the deployit.conf file.

    vi deployit.conf

    xl.permission.external-service = true
    xl.permission.external-service.uri = {{base_url_to_permission_service_server}}

    {{base_url_to_permission_service_server}} is the FQDN of the Permission server where you run the Permission microservice. For example,

  7. Proceed with the usual Deploy installation steps and start the Deploy application server.
  8. Create roles and permissions and make sure that the roles and permissions you create are stored in the databases on the Permission server.

At any time you can re-initialize the Permission schema data in 10.3 or later using the force-clean-upgrade property. This property is set in the centralConfiguration/deploy-permission-service.yaml file on the Deploy server and can be used for Permission service migration:

    force-clean-upgrade: true

Important: Remove the force-clean-upgrade: true property from the centralConfiguration/deploy-permission-service.yaml file as soon as you complete the installation process as it is required only for migrating the Permissions data, which you would not want to happen every time you restart the Deploy server.