The demo-server provisions and runs the full suite of Fineract CN microservices. The process of provisioning, and granting permissions is complex, especially with respect to rhythm and the services which rely on it. The provisioning workflow within a tenant in this case is as follows:
demo_server -> provisioner: add identity service to the tenant demo_server -> identity: add user imhotep (as user antony) demo_server -> provisioner: add rhythm service to the tenant provisioner -> rhythm: provision signature with same timestamp as current identity signature. provisioner -> identity: create application with signature returned by rhythm provisioner -> rhythm: ask what permissions rhythm needs provisioner -> identity: create permission request for rhythm to access identity to create permission requests provisioner -> rhythm: initialize (in this case only, tenant data is not in separate databases) demo_server -> identity: grant rhythm's request to create permission requests via the user imhotep. (as user antony) demo_server -> provisioner: add accounting to the tenant demo_server -> provisioner: add portfolio to the tenant provisioner -> portfolio: provision for the given tenant portfolio -> rhythm: request that rhythm make a callback once an hour to portfolio (with system token) rhythm -> identity: create a permission request for rhythm to access portfolio's permittable group named portfolio__v1__khepri (as user imhotep) demo_server -> identity: allow rhythm to call portfolio__v1__khepri as imhotep (as user imhotep) ... rhythm(internally): react to scheduled event; find all beats for all tenants which are currently needed. rhythm -> identity: acquire token to act as imhotep (via application refresh token for rhythm) rhythm -> portfolio: trigger beat (as user imhotep) portfolio -> identity: acquire token to act as imhotep (via application refresh token for portfolio) portfolio -> accounting: transfer interest, late fees, etc (as user imhotep)