Updated permission names & added edit institute permissions

Updated following permissions:
MANAGE_EDX_DISTRICT_USERS_PERMISSION
MANAGE_EDX_SCHOOL_USERS_PERMISSION

backend/src/routes/edx-router.js

@@ -50,26 +50,26 @@ router.get('/valid-districts-for-messaging', passport.authenticate('jwt', {sessi
 //school-district user access routes
 router.get('/users/roles', passport.authenticate('jwt', {session: false}, undefined), auth.isLoggedInUser, extendSession, utils.forwardGet('getUserRoles', 'server:edx:rootURL', '/users/roles'));
 
-router.get('/users/school/:schoolID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, getEdxSchoolUsers);
-router.get('/users/district/:districtID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, getEdxDistrictUsers);
+router.get('/users/school/:schoolID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, getEdxSchoolUsers);
+router.get('/users/district/:districtID', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, getEdxDistrictUsers);
 
-router.post('/users/roles/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, updateEdxUserSchoolRoles);
-router.post('/users/roles/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, updateEdxUserDistrictRoles);
+router.post('/users/roles/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, updateEdxUserSchoolRoles);
+router.post('/users/roles/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, updateEdxUserDistrictRoles);
 
-router.post('/users/remove/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, removeUserSchoolAccess);
-router.post('/users/remove/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, removeUserDistrictAccess);
+router.post('/users/remove/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, removeUserSchoolAccess);
+router.post('/users/remove/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, removeUserDistrictAccess);
 
-router.post('/users/relink/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, relinkUserSchoolAccess);
-router.post('/users/relink/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, relinkUserDistrictAccess);
+router.post('/users/relink/school', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, relinkUserSchoolAccess);
+router.post('/users/relink/district', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, relinkUserDistrictAccess);
 
-router.get('/users/activation-code/primary/school/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, findSchoolPrimaryEdxActivationCode);
-router.get('/users/activation-code/primary/district/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, findDistrictPrimaryEdxActivationCode);
+router.get('/users/activation-code/primary/school/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, findSchoolPrimaryEdxActivationCode);
+router.get('/users/activation-code/primary/district/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, findDistrictPrimaryEdxActivationCode);
 
-router.post('/users/activation-code/primary/school/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), extendSession, generateOrRegeneratePrimaryEdxActivationSchoolCode);
-router.post('/users/activation-code/primary/district/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), extendSession, generateOrRegeneratePrimaryEdxActivationDistrictCode);
+router.post('/users/activation-code/primary/school/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), extendSession, generateOrRegeneratePrimaryEdxActivationSchoolCode);
+router.post('/users/activation-code/primary/district/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), extendSession, generateOrRegeneratePrimaryEdxActivationDistrictCode);
 
-router.post('/school-user-activation-invite', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION), schoolUserActivationInvite);
-router.post('/district-user-activation-invite', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION), districtUserActivationInvite);
+router.post('/school-user-activation-invite', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION), schoolUserActivationInvite);
+router.post('/district-user-activation-invite', passport.authenticate('jwt', {session: false}, undefined), utils.checkUserHasPermission(PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION), districtUserActivationInvite);
 
 //edx exchange routes
 router.get('/exchange', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, getExchanges);

backend/src/util/Permission.js

@@ -1,7 +1,7 @@
 const PERMISSION = Object.freeze(
   {
-    MANAGE_DISTRICT_USERS_PERMISSION: 'MANAGE_DISTRICT_USERS_PERMISSION',
-    MANAGE_SCHOOL_USERS_PERMISSION: 'MANAGE_SCHOOL_USERS_PERMISSION',
+    MANAGE_EDX_DISTRICT_USERS_PERMISSION: 'MANAGE_EDX_DISTRICT_USERS_PERMISSION',
+    MANAGE_EDX_SCHOOL_USERS_PERMISSION: 'MANAGE_EDX_SCHOOL_USERS_PERMISSION',
     VIEW_SCHOOL_PERMISSION: 'VIEW_SCHOOL_PERMISSION',
     VIEW_DISTRICT_PERMISSION: 'VIEW_DISTRICT_PERMISSION',
     VIEW_AUTHORITY_PERMISSION: 'VIEW_AUTHORITY_PERMISSION'

frontend/src/components/util/NavBar.vue

@@ -234,7 +234,7 @@ export default {
         },
         {
           title: PAGE_TITLES.ADMINISTRATION,
-          authorized: this.STAFF_ADMINISTRATION_ADMIN || this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION) || this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION),
+          authorized: this.STAFF_ADMINISTRATION_ADMIN || this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION) || this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION),
           items: [
             {
               title: 'Macro Management',
@@ -244,12 +244,12 @@ export default {
             {
               title: 'EDX School Access',
               link: 'exchangeAccess',
-              authorized: this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION)
+              authorized: this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION)
             },
             {
               title: 'EDX District Access',
               link: 'exchangeDistrictAccess',
-              authorized: this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION)
+              authorized: this.hasRequiredPermission(this.userInfo, PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION)
             }
           ],
         },

frontend/src/router.js

@@ -359,7 +359,7 @@ const router = createRouter({
           meta: {
             pageTitle: PAGE_TITLES.EXCHANGE_ACCESS,
             requiresAuth: true,
-            permission: PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION
+            permission: PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION
           }
         },
         {
@@ -370,7 +370,7 @@ const router = createRouter({
           meta: {
             pageTitle: PAGE_TITLES.EXCHANGE_USERS,
             requiresAuth: true,
-            permission: PERMISSION.MANAGE_SCHOOL_USERS_PERMISSION
+            permission: PERMISSION.MANAGE_EDX_SCHOOL_USERS_PERMISSION
           }
         },
         {
@@ -384,7 +384,7 @@ const router = createRouter({
           meta: {
             pageTitle: PAGE_TITLES.EDX_DISTRICT_ACCESS,
             requiresAuth: true,
-            permission: PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION
+            permission: PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION
           }
         },
         {
@@ -395,7 +395,7 @@ const router = createRouter({
           meta: {
             pageTitle: PAGE_TITLES.EDX_DISTRICT_ACCESS,
             requiresAuth: true,
-            permission: PERMISSION.MANAGE_DISTRICT_USERS_PERMISSION
+            permission: PERMISSION.MANAGE_EDX_DISTRICT_USERS_PERMISSION
           }
         },
         {

frontend/src/utils/constants/Permission.js

@@ -8,9 +8,9 @@ export const PERMISSION = Object.freeze(
 
     STUDENT_DATA_COLLECTION: 'STUDENT_DATA_COLLECTION',
 
-    MANAGE_DISTRICT_USERS_PERMISSION: 'MANAGE_DISTRICT_USERS_PERMISSION',
+    MANAGE_EDX_DISTRICT_USERS_PERMISSION: 'MANAGE_EDX_DISTRICT_USERS_PERMISSION',
 
-    MANAGE_SCHOOL_USERS_PERMISSION: 'MANAGE_SCHOOL_USERS_PERMISSION',
+    MANAGE_EDX_SCHOOL_USERS_PERMISSION: 'MANAGE_EDX_SCHOOL_USERS_PERMISSION',
 
     VIEW_SCHOOL_PERMISSION: 'VIEW_SCHOOL_PERMISSION',
 

tools/config/update-configmap.sh

@@ -137,18 +137,18 @@ curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -d "{\"name\" : \"PEN_TEAM_ROLE\",\"description\" : \"PEN team role for Secure Messaging\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
-echo Creating MANAGE_SCHOOL_USERS_PERMISSION permission
+echo Creating MANAGE_EDX_SCHOOL_USERS_PERMISSION permission
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN" \
-  -d "{\"name\" : \"MANAGE_SCHOOL_USERS_PERMISSION\",\"description\" : \"Permission to manage school users\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+  -d "{\"name\" : \"MANAGE_EDX_SCHOOL_USERS_PERMISSION\",\"description\" : \"Permission to manage edx school users\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
-echo Creating MANAGE_DISTRICT_USERS_PERMISSION permission
+echo Creating MANAGE_EDX_DISTRICT_USERS_PERMISSION permission
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN" \
-  -d "{\"name\" : \"MANAGE_DISTRICT_USERS_PERMISSION\",\"description\" : \"Permission to manage district users\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+  -d "{\"name\" : \"MANAGE_EDX_DISTRICT_USERS_PERMISSION\",\"description\" : \"Permission to manage edx district users\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
 echo Creating VIEW_SCHOOL_PERMISSION permission
@@ -172,14 +172,35 @@ curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -d "{\"name\" : \"VIEW_AUTHORITY_PERMISSION\",\"description\" : \"Permission to view authority\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
-echo Retrieving MANAGE_SCHOOL_USERS_PERMISSION permission
-manageSchoolUsersPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/MANAGE_SCHOOL_USERS_PERMISSION" \
+echo Creating EDIT_SCHOOL_PERMISSION permission
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "{\"name\" : \"EDIT_SCHOOL_PERMISSION\",\"description\" : \"Permission to edit school\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+
+echo
+echo Creating EDIT_DISTRICT_PERMISSION permission
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "{\"name\" : \"EDIT_DISTRICT_PERMISSION\",\"description\" : \"Permission to edit district\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+
+echo
+echo Creating EDIT_AUTHORITY_PERMISSION permission
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "{\"name\" : \"EDIT_AUTHORITY_PERMISSION\",\"description\" : \"Permission to edit authority\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+
+echo
+echo Retrieving MANAGE_EDX_SCHOOL_USERS_PERMISSION permission
+manageSchoolUsersPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/MANAGE_EDX_SCHOOL_USERS_PERMISSION" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN")
 
 echo
-echo Retrieving MANAGE_DISTRICT_USERS_PERMISSION permission
-manageDistrictUsersPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/MANAGE_DISTRICT_USERS_PERMISSION" \
+echo Retrieving MANAGE_EDX_DISTRICT_USERS_PERMISSION permission
+manageDistrictUsersPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/MANAGE_EDX_DISTRICT_USERS_PERMISSION" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN")
 
@@ -201,6 +222,24 @@ viewAuthorityPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN")
 
+echo
+echo Retrieving EDIT_SCHOOL_PERMISSION permission
+editSchoolPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/EDIT_SCHOOL_PERMISSION" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN")
+
+echo
+echo Retrieving EDIT_DISTRICT_PERMISSION permission
+editDistrictPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/EDIT_DISTRICT_PERMISSION" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN")
+
+echo
+echo Retrieving EDIT_AUTHORITY_PERMISSION permission
+editAuthorityPermissionJson=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/EDIT_AUTHORITY_PERMISSION" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN")
+
 echo
 echo Creating EDX_ADMIN role
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
@@ -236,6 +275,13 @@ curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -H "Authorization: Bearer $TKN" \
   -d "{\"name\" : \"DISTRICT_ADMIN\",\"description\" : \"Allows access to edit Districts\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
+echo
+echo Assigning permissions to DISTRICT_ADMIN role 
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/DISTRICT_ADMIN/composites" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "[$viewSchoolPermissionJson, $viewDistrictPermissionJson, $viewAuthorityPermissionJson, $editDistrictPermissionJson]"
+
 echo
 echo Creating SCHOOL_ADMIN role
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
@@ -244,26 +290,39 @@ curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -d "{\"name\" : \"SCHOOL_ADMIN\",\"description\" : \"Allows access to edit schools\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
-echo Creating INDEPENDENT_SCHOOLS_ADMIN role
-curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
+echo Assigning permissions to SCHOOL_ADMIN role 
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/SCHOOL_ADMIN/composites" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN" \
-  -d "{\"name\" : \"INDEPENDENT_SCHOOLS_ADMIN\",\"description\" : \"Allows access to edit independent schools\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+  -d "[$viewSchoolPermissionJson, $viewDistrictPermissionJson, $viewAuthorityPermissionJson, $editSchoolPermissionJson]"
 
 echo
-echo Creating OFFSHORE_SCHOOLS_ADMIN role
+echo Creating INDEPENDENT_AUTHORITY_ADMIN role
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN" \
-  -d "{\"name\" : \"OFFSHORE_SCHOOLS_ADMIN\",\"description\" : \"Allows access to edit offshore schools\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+  -d "{\"name\" : \"INDEPENDENT_AUTHORITY_ADMIN\",\"description\" : \"Allows access to edit Independent Authorities\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+
+echo
+echo Assigning permissions to INDEPENDENT_AUTHORITY_ADMIN role 
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles/INDEPENDENT_AUTHORITY_ADMIN/composites" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "[$viewSchoolPermissionJson, $viewDistrictPermissionJson, $viewAuthorityPermissionJson, $editAuthorityPermissionJson]"
 
+echo
+echo Creating INDEPENDENT_SCHOOLS_ADMIN role
+curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TKN" \
+  -d "{\"name\" : \"INDEPENDENT_SCHOOLS_ADMIN\",\"description\" : \"Allows access to edit independent schools\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
-echo Creating INDEPENDENT_AUTHORITY_ADMIN role
+echo Creating OFFSHORE_SCHOOLS_ADMIN role
 curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/roles" \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $TKN" \
-  -d "{\"name\" : \"INDEPENDENT_AUTHORITY_ADMIN\",\"description\" : \"Allows access to edit Independent Authorities\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
+  -d "{\"name\" : \"OFFSHORE_SCHOOLS_ADMIN\",\"description\" : \"Allows access to edit offshore schools\",\"composite\" : false,\"clientRole\" : false,\"containerId\" : \"$SOAM_KC_REALM_ID\"}"
 
 echo
 echo Creating STUDENT_DATA_COLLECTION role