@Jag Goraya, looks good. Thanks.

@Hongwei Ji changes for this have been made ... can you confirm it does as expected now please? It can be tested on folio-snapshot. Thx

Thanks @Hongwei Ji

We saw the permission errors in mod-authtoken logs. The reason it breaks is that when a perm set in module descriptor uses an "undefined" perm, for example https://github.com/folio-org/mod-agreements/blob/v2.3.0/service/src/main/okapi/ModuleDescriptor-template.json#L458-L461. Any API that is protected by that "undefined" perm, for example https://github.com/folio-org/mod-agreements/blob/v2.3.0/service/src/main/okapi/ModuleDescriptor-template.json#L167-L170 will not be accessible even if you give user the perm set. Why? mod-authtoken calls mod-permissions to expand perms for that perm set, and mod-permssions will not return that "undefined" perm because it is a dummy permission. Hope this helps.

@Hongwei Ji can you expand on why this is important to you? We only currently list the permissions which we need to for the module to work as intended. As far as we know (potentially with the exception of https://folio-org.atlassian.net/browse/ERM-1079#icft=ERM-1079 mentioned by @Ethan Freestone above) there is no problem with how permissions work for mod-agreements.

Can you expand on your use case and what problem you are trying to solve?