From 86893c7009a0d2f9ed6cc1390feaef242fd5edb0 Mon Sep 17 00:00:00 2001
From: debsmita1 <debsmita.santra@gmail.com>
Date: Mon, 20 Nov 2023 15:19:53 +0530
Subject: [PATCH] feat(rbac): role overview

---
 plugins/rbac-common/src/types.ts              |   5 +
 plugins/rbac/dev/index.tsx                    | 357 +++++++++++++++++-
 plugins/rbac/package.json                     |   4 +-
 plugins/rbac/src/api/RBACBackendClient.ts     |  64 +++-
 plugins/rbac/src/components/AboutCard.tsx     |  69 ++++
 .../rbac/src/components/DeleteRoleDialog.tsx  |   4 +-
 .../rbac/src/components/MembersCard.test.tsx  |  86 +++++
 plugins/rbac/src/components/MembersCard.tsx   |  61 +++
 .../src/components/MembersListColumns.tsx     |  48 +++
 .../src/components/PermissionCard.test.tsx    |  65 ++++
 .../rbac/src/components/PermissionsCard.tsx   |  65 ++++
 .../src/components/PermissionsListColumns.tsx |  33 ++
 .../rbac/src/components/RoleOverviewPage.tsx  |  35 ++
 .../rbac/src/components/RolesList.test.tsx    |  10 +-
 plugins/rbac/src/components/RolesList.tsx     |  13 +-
 .../rbac/src/components/RolesListColumns.tsx  |   5 +-
 plugins/rbac/src/components/Router.tsx        |  17 +
 plugins/rbac/src/components/index.ts          |   1 +
 plugins/rbac/src/hooks/useMembers.ts          |  54 +++
 .../rbac/src/hooks/usePermissionPolicies.ts   |  33 ++
 plugins/rbac/src/plugin.ts                    |   5 +-
 plugins/rbac/src/routes.ts                    |   8 +-
 plugins/rbac/src/types.ts                     |  22 ++
 plugins/rbac/src/utils/rbac-utils.test.ts     | 149 +++++++-
 plugins/rbac/src/utils/rbac-utils.ts          | 141 ++++++-
 25 files changed, 1301 insertions(+), 53 deletions(-)
 create mode 100644 plugins/rbac/src/components/AboutCard.tsx
 create mode 100644 plugins/rbac/src/components/MembersCard.test.tsx
 create mode 100644 plugins/rbac/src/components/MembersCard.tsx
 create mode 100644 plugins/rbac/src/components/MembersListColumns.tsx
 create mode 100644 plugins/rbac/src/components/PermissionCard.test.tsx
 create mode 100644 plugins/rbac/src/components/PermissionsCard.tsx
 create mode 100644 plugins/rbac/src/components/PermissionsListColumns.tsx
 create mode 100644 plugins/rbac/src/components/RoleOverviewPage.tsx
 create mode 100644 plugins/rbac/src/components/Router.tsx
 create mode 100644 plugins/rbac/src/hooks/useMembers.ts
 create mode 100644 plugins/rbac/src/hooks/usePermissionPolicies.ts

diff --git a/plugins/rbac-common/src/types.ts b/plugins/rbac-common/src/types.ts
index b4067159203..b4fbba82720 100644
--- a/plugins/rbac-common/src/types.ts
+++ b/plugins/rbac-common/src/types.ts
@@ -17,3 +17,8 @@ export type UpdatePolicy = {
   oldPolicy: Policy;
   newPolicy: Policy;
 };
+
+export type PermissionPolicy = {
+  pluginId?: string;
+  policies?: Policy[];
+};
diff --git a/plugins/rbac/dev/index.tsx b/plugins/rbac/dev/index.tsx
index b8988a4fd9f..799ede4d717 100644
--- a/plugins/rbac/dev/index.tsx
+++ b/plugins/rbac/dev/index.tsx
@@ -7,10 +7,16 @@ import {
 } from '@backstage/plugin-permission-react';
 import { TestApiProvider } from '@backstage/test-utils';
 
-import { Role, RoleBasedPolicy } from '@janus-idp/backstage-plugin-rbac-common';
+import {
+  PermissionPolicy,
+  Policy,
+  Role,
+  RoleBasedPolicy,
+} from '@janus-idp/backstage-plugin-rbac-common';
 
 import { RBACAPI, rbacApiRef } from '../src/api/RBACBackendClient';
 import { RbacPage, rbacPlugin } from '../src/plugin';
+import { MemberEntity } from '../src/types';
 
 class MockPermissionApi implements PermissionApi {
   readonly result;
@@ -116,9 +122,358 @@ class MockRBACApi implements RBACAPI {
     };
   }
 
+  async getRole(role: string): Promise<Role[]> {
+    const roleresource = this.resources.find(res => res.name === role);
+    return roleresource ? [roleresource] : [];
+  }
+
   async deleteRole(_roleName: string): Promise<any> {
     return { status: 204 };
   }
+
+  async getMembers(): Promise<MemberEntity[]> {
+    return [
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'team-d',
+          description: 'Team D',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'team',
+          profile: {
+            displayName: 'Team D',
+          },
+          parent: 'boxoffice',
+          children: [],
+        },
+        relations: [
+          {
+            type: 'childOf',
+            targetRef: 'group:default/boxoffice',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/eva.macdowell',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/lucy.sheehan',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'infrastructure',
+          description: 'The infra department',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'department',
+          parent: 'acme-corp',
+          children: ['backstage', 'boxoffice'],
+        },
+        relations: [],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'guest',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'User',
+        spec: {
+          profile: {
+            displayName: 'Guest User',
+          },
+          memberOf: ['team-a'],
+        },
+        relations: [
+          {
+            type: 'memberOf',
+            targetRef: 'group:default/team-a',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'janus-authors',
+          title: 'Janus-IDP Authors',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'team',
+          children: [],
+        },
+        relations: [],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'team-a',
+          description: 'Team A',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'team',
+          profile: {},
+          parent: 'backstage',
+          children: [],
+        },
+        relations: [
+          {
+            type: 'childOf',
+            targetRef: 'group:default/backstage',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/breanna.davison',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/guest',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/janelle.dawe',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/nigel.manning',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'backstage',
+          description: 'The backstage sub-department',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'sub-department',
+          profile: {
+            displayName: 'Backstage',
+          },
+          parent: 'infrastructure',
+          children: ['team-a', 'team-b'],
+        },
+        relations: [],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'team-b',
+          description: 'Team B',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'team',
+          profile: {
+            displayName: 'Team B',
+          },
+          parent: 'backstage',
+          children: [],
+        },
+        relations: [
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/amelia.park',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/colette.brock',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/jenny.doe',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/jonathon.page',
+          },
+          {
+            type: 'hasMember',
+            targetRef: 'user:default/justine.barrow',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'lucy.sheehan',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'User',
+        spec: {
+          profile: {
+            displayName: 'Lucy Sheehan',
+          },
+          memberOf: ['team-d'],
+        },
+        relations: [
+          {
+            type: 'memberOf',
+            targetRef: 'group:default/team-d',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'boxoffice',
+          description: 'The boxoffice sub-department',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'Group',
+        spec: {
+          type: 'sub-department',
+          profile: {
+            displayName: 'Box Office',
+          },
+          parent: 'infrastructure',
+          children: ['team-c', 'team-d'],
+        },
+        relations: [
+          {
+            type: 'childOf',
+            targetRef: 'group:default/infrastructure',
+          },
+          {
+            type: 'parentOf',
+            targetRef: 'group:default/team-c',
+          },
+          {
+            type: 'parentOf',
+            targetRef: 'group:default/team-d',
+          },
+        ],
+      },
+      {
+        metadata: {
+          namespace: 'default',
+          annotations: {},
+          name: 'amelia.park',
+        },
+        apiVersion: 'backstage.io/v1alpha1',
+        kind: 'User',
+        spec: {
+          profile: {
+            displayName: 'Amelia Park',
+          },
+          memberOf: ['team-b'],
+        },
+        relations: [
+          {
+            type: 'memberOf',
+            targetRef: 'group:default/team-b',
+          },
+        ],
+      },
+    ];
+  }
+
+  async listPermissions(): Promise<PermissionPolicy[]> {
+    return [
+      {
+        pluginId: 'catalog',
+        policies: [
+          {
+            permission: 'catalog-entity',
+            policy: 'read',
+          },
+          {
+            permission: 'catalog.entity.create',
+            policy: 'create',
+          },
+          {
+            permission: 'catalog-entity',
+            policy: 'delete',
+          },
+          {
+            permission: 'catalog-entity',
+            policy: 'update',
+          },
+          {
+            permission: 'catalog.location.read',
+            policy: 'read',
+          },
+          {
+            permission: 'catalog.location.create',
+            policy: 'create',
+          },
+          {
+            permission: 'catalog.location.delete',
+            policy: 'delete',
+          },
+        ],
+      },
+      {
+        pluginId: 'scaffolder',
+        policies: [
+          {
+            permission: 'scaffolder-template',
+            policy: 'read',
+          },
+          {
+            permission: 'scaffolder-template',
+            policy: 'read',
+          },
+          {
+            permission: 'scaffolder-action',
+            policy: 'use',
+          },
+        ],
+      },
+      {
+        pluginId: 'permission',
+        policies: [
+          {
+            permission: 'policy-entity',
+            policy: 'read',
+          },
+          {
+            permission: 'policy-entity',
+            policy: 'create',
+          },
+          {
+            permission: 'policy-entity',
+            policy: 'delete',
+          },
+          {
+            permission: 'policy-entity',
+            policy: 'update',
+          },
+        ],
+      },
+    ];
+  }
+
+  async deletePolicy(
+    _entityRef: string,
+    _permission: string,
+    _policies: Policy[],
+  ): Promise<number> {
+    return 204;
+  }
 }
 
 const mockPermissionApi = new MockPermissionApi({ result: 'ALLOW' });
diff --git a/plugins/rbac/package.json b/plugins/rbac/package.json
index ee9f5bcc68d..a13ab15f4cd 100644
--- a/plugins/rbac/package.json
+++ b/plugins/rbac/package.json
@@ -28,6 +28,7 @@
     "@backstage/catalog-model": "^1.4.3",
     "@backstage/core-components": "^0.13.6",
     "@backstage/core-plugin-api": "^1.7.0",
+    "@backstage/plugin-catalog": "^1.15.1",
     "@backstage/plugin-permission-react": "^0.4.16",
     "@backstage/theme": "^0.4.3",
     "@janus-idp/backstage-plugin-rbac-common": "1.1.0",
@@ -39,7 +40,8 @@
     "react-use": "^17.4.0"
   },
   "peerDependencies": {
-    "react": "^16.13.1 || ^17.0.0"
+    "react": "^16.13.1 || ^17.0.0",
+    "react-router-dom": "^6.20.0"
   },
   "devDependencies": {
     "@backstage/cli": "0.23.0",
diff --git a/plugins/rbac/src/api/RBACBackendClient.ts b/plugins/rbac/src/api/RBACBackendClient.ts
index 508e8b11190..1d7bd6a6658 100644
--- a/plugins/rbac/src/api/RBACBackendClient.ts
+++ b/plugins/rbac/src/api/RBACBackendClient.ts
@@ -4,7 +4,14 @@ import {
   IdentityApi,
 } from '@backstage/core-plugin-api';
 
-import { Role, RoleBasedPolicy } from '@janus-idp/backstage-plugin-rbac-common';
+import {
+  PermissionPolicy,
+  Role,
+  RoleBasedPolicy,
+} from '@janus-idp/backstage-plugin-rbac-common';
+
+import { MemberEntity } from '../types';
+import { getKindNamespaceName } from '../utils/rbac-utils';
 
 // @public
 export type RBACAPI = {
@@ -12,6 +19,9 @@ export type RBACAPI = {
   getRoles: () => Promise<Role[]>;
   getPolicies: () => Promise<RoleBasedPolicy[]>;
   deleteRole: (role: string) => Promise<Response>;
+  getRole: (role: string) => Promise<Role[]>;
+  getMembers: () => Promise<MemberEntity[]>;
+  listPermissions: () => Promise<PermissionPolicy[]>;
 };
 
 export type Options = {
@@ -70,21 +80,63 @@ export class RBACBackendClient implements RBACAPI {
   async deleteRole(role: string) {
     const { token: idToken } = await this.identityApi.getCredentials();
     const backendUrl = this.configApi.getString('backend.baseUrl');
-    const str = role.split(':');
-    const kind = str[0];
-    const namespace = str[1].split('/')[0];
-    const name = str[1].split('/')[1];
+    const { kind, namespace, name } = getKindNamespaceName(role);
     const jsonResponse = await fetch(
       `${backendUrl}/api/permission/roles/${kind}/${namespace}/${name}`,
       {
         headers: {
           ...(idToken && { Authorization: `Bearer ${idToken}` }),
           'Content-Type': 'application/json',
-          Accept: 'application/json',
         },
         method: 'DELETE',
       },
     );
     return jsonResponse;
   }
+
+  async getRole(role: string) {
+    const { token: idToken } = await this.identityApi.getCredentials();
+    const backendUrl = this.configApi.getString('backend.baseUrl');
+    const { kind, namespace, name } = getKindNamespaceName(role);
+    const jsonResponse = await fetch(
+      `${backendUrl}/api/permission/roles/${kind}/${namespace}/${name}`,
+      {
+        headers: {
+          ...(idToken && { Authorization: `Bearer ${idToken}` }),
+          'Content-Type': 'application/json',
+        },
+      },
+    );
+    return jsonResponse.json();
+  }
+
+  async getMembers() {
+    const { token: idToken } = await this.identityApi.getCredentials();
+    const backendUrl = this.configApi.getString('backend.baseUrl');
+    const jsonResponse = await fetch(
+      `${backendUrl}/api/catalog/entities?filter=kind=user&filter=kind=group`,
+      {
+        headers: {
+          ...(idToken && { Authorization: `Bearer ${idToken}` }),
+          'Content-Type': 'application/json',
+        },
+      },
+    );
+    return jsonResponse.json();
+  }
+
+  async listPermissions() {
+    const { token: idToken } = await this.identityApi.getCredentials();
+    const backendUrl = this.configApi.getString('backend.baseUrl');
+    const jsonResponse = await fetch(
+      `${backendUrl}/api/permission/plugins/policies`,
+      {
+        headers: {
+          ...(idToken && { Authorization: `Bearer ${idToken}` }),
+          'Content-Type': 'application/json',
+        },
+      },
+    );
+    return jsonResponse.json();
+  }
 }
diff --git a/plugins/rbac/src/components/AboutCard.tsx b/plugins/rbac/src/components/AboutCard.tsx
new file mode 100644
index 00000000000..ab7997c20f3
--- /dev/null
+++ b/plugins/rbac/src/components/AboutCard.tsx
@@ -0,0 +1,69 @@
+import React from 'react';
+
+import { MarkdownContent } from '@backstage/core-components';
+import { AboutField } from '@backstage/plugin-catalog';
+
+import {
+  Card,
+  CardContent,
+  CardHeader,
+  Grid,
+  makeStyles,
+} from '@material-ui/core';
+
+const useStyles = makeStyles({
+  gridItemCard: {
+    display: 'flex',
+    flexDirection: 'column',
+    height: 'calc(100% - 10px)', // for pages without content header
+    marginBottom: '10px',
+  },
+  fullHeightCard: {
+    display: 'flex',
+    flexDirection: 'column',
+    height: '100%',
+  },
+  gridItemCardContent: {
+    flex: 1,
+  },
+  fullHeightCardContent: {
+    flex: 1,
+  },
+  text: {
+    wordBreak: 'break-word',
+  },
+});
+
+export const AboutCard = () => {
+  const classes = useStyles();
+  const cardClass = classes.gridItemCard;
+  const cardContentClass = classes.gridItemCardContent;
+
+  return (
+    <Card className={cardClass}>
+      <CardHeader title="About" />
+      <CardContent className={cardContentClass}>
+        <Grid container>
+          <AboutField label="Description" gridSizes={{ xs: 4, sm: 8, lg: 4 }}>
+            <MarkdownContent
+              className={classes.text}
+              content="No description"
+            />
+          </AboutField>
+          <AboutField label="Modified By" gridSizes={{ xs: 4, sm: 8, lg: 4 }}>
+            <MarkdownContent
+              className={classes.text}
+              content="No information"
+            />
+          </AboutField>
+          <AboutField label="Last Modified" gridSizes={{ xs: 4, sm: 8, lg: 4 }}>
+            <MarkdownContent
+              className={classes.text}
+              content="No information"
+            />
+          </AboutField>
+        </Grid>
+      </CardContent>
+    </Card>
+  );
+};
diff --git a/plugins/rbac/src/components/DeleteRoleDialog.tsx b/plugins/rbac/src/components/DeleteRoleDialog.tsx
index 99f20e75ad2..f046a545489 100644
--- a/plugins/rbac/src/components/DeleteRoleDialog.tsx
+++ b/plugins/rbac/src/components/DeleteRoleDialog.tsx
@@ -133,9 +133,8 @@ const DeleteRoleDialog = ({
         >{`${propOptions.permissions} permission policies`}</span>{' '}
         specified in this role.
         <br />
-        <br />
-        <br />
         <TextField
+          style={{ marginTop: '24px' }}
           required
           data-testid="delete-name"
           variant="outlined"
@@ -156,6 +155,7 @@ const DeleteRoleDialog = ({
           paddingLeft: '25px',
           paddingBottom: '30px',
           justifyContent: 'left',
+          paddingTop: '16px',
         }}
       >
         <Button
diff --git a/plugins/rbac/src/components/MembersCard.test.tsx b/plugins/rbac/src/components/MembersCard.test.tsx
new file mode 100644
index 00000000000..f5f01fc2494
--- /dev/null
+++ b/plugins/rbac/src/components/MembersCard.test.tsx
@@ -0,0 +1,86 @@
+import React from 'react';
+
+import { renderInTestApp } from '@backstage/test-utils';
+
+import { useMembers } from '../hooks/useMembers';
+import { MembersData } from '../types';
+import { MembersCard } from './MembersCard';
+
+jest.mock('../hooks/useMembers', () => ({
+  useMembers: jest.fn(),
+}));
+
+const useMembersMockData: MembersData[] = [
+  {
+    name: 'Amelia Park',
+    type: 'User',
+    ref: {
+      namespace: 'default',
+      kind: 'user',
+      name: 'amelia.park',
+    },
+    members: 0,
+  },
+  {
+    name: 'Calum Leavy',
+    type: 'User',
+    ref: {
+      namespace: 'default',
+      kind: 'user',
+      name: 'calum.leavy',
+    },
+    members: 0,
+  },
+  {
+    name: 'Team B',
+    type: 'Group',
+    ref: {
+      namespace: 'default',
+      kind: 'group',
+      name: 'team-b',
+    },
+    members: 5,
+  },
+  {
+    name: 'Team C',
+    type: 'Group',
+    ref: {
+      namespace: 'default',
+      kind: 'group',
+      name: 'team-c',
+    },
+    members: 5,
+  },
+];
+
+const mockMembers = useMembers as jest.MockedFunction<typeof useMembers>;
+
+describe('MembersCard', () => {
+  it('should show list of Users and groups associated with the role when the data is loaded', async () => {
+    mockMembers.mockReturnValue({
+      loading: false,
+      data: useMembersMockData,
+      retry: () => {},
+    });
+    const { queryByText } = await renderInTestApp(
+      <MembersCard roleName="role:default/rbac_admin" />,
+    );
+    expect(queryByText('Users and groups (2 Users, 2 Groups)')).not.toBeNull();
+    expect(queryByText('Calum Leavy')).not.toBeNull();
+    expect(queryByText('Amelia Park')).not.toBeNull();
+    expect(queryByText('Team B')).not.toBeNull();
+  });
+
+  it('should show empty table when there are no users and groups', async () => {
+    mockMembers.mockReturnValue({
+      loading: false,
+      data: [],
+      retry: () => {},
+    });
+    const { queryByText } = await renderInTestApp(
+      <MembersCard roleName="role:default/rbac_admin" />,
+    );
+    expect(queryByText('Users and groups')).not.toBeNull();
+    expect(queryByText('No members found')).not.toBeNull();
+  });
+});
diff --git a/plugins/rbac/src/components/MembersCard.tsx b/plugins/rbac/src/components/MembersCard.tsx
new file mode 100644
index 00000000000..89127af8fc8
--- /dev/null
+++ b/plugins/rbac/src/components/MembersCard.tsx
@@ -0,0 +1,61 @@
+import React from 'react';
+
+import { Table } from '@backstage/core-components';
+
+import { Card, CardContent, makeStyles } from '@material-ui/core';
+import CachedIcon from '@material-ui/icons/Cached';
+
+import { useMembers } from '../hooks/useMembers';
+import { getMembers } from '../utils/rbac-utils';
+import { columns } from './MembersListColumns';
+
+type MembersCardProps = {
+  roleName: string;
+};
+
+const useStyles = makeStyles(theme => ({
+  empty: {
+    padding: theme.spacing(2),
+    display: 'flex',
+    justifyContent: 'center',
+  },
+}));
+
+const getRefreshIcon = () => <CachedIcon />;
+
+export const MembersCard = ({ roleName }: MembersCardProps) => {
+  const { data, loading, retry } = useMembers(roleName);
+
+  const classes = useStyles();
+
+  return (
+    <Card>
+      <CardContent>
+        <Table
+          title={
+            !loading && data?.length
+              ? `Users and groups (${getMembers(data)})`
+              : 'Users and groups'
+          }
+          actions={[
+            {
+              icon: getRefreshIcon,
+              tooltip: 'Refresh',
+              isFreeAction: true,
+              onClick: () => retry(),
+            },
+          ]}
+          options={{ padding: 'default', search: true, paging: true }}
+          data={data ?? []}
+          isLoading={loading}
+          columns={columns}
+          emptyContent={
+            <div data-testid="members-table-empty" className={classes.empty}>
+              No members found
+            </div>
+          }
+        />
+      </CardContent>
+    </Card>
+  );
+};
diff --git a/plugins/rbac/src/components/MembersListColumns.tsx b/plugins/rbac/src/components/MembersListColumns.tsx
new file mode 100644
index 00000000000..4fbef72c332
--- /dev/null
+++ b/plugins/rbac/src/components/MembersListColumns.tsx
@@ -0,0 +1,48 @@
+import React from 'react';
+
+import { Link, TableColumn } from '@backstage/core-components';
+
+import { MembersData } from '../types';
+
+export const columns: TableColumn<MembersData>[] = [
+  {
+    title: 'Name',
+    field: 'name',
+    type: 'string',
+    render: props => {
+      return (
+        <Link
+          to={`/catalog/${props.ref.namespace}/${props.ref.kind}/${props.ref.name}`}
+        >
+          {props.name}
+        </Link>
+      );
+    },
+  },
+  {
+    title: 'Type',
+    field: 'type',
+    type: 'string',
+  },
+  {
+    title: 'Members',
+    field: 'members',
+    type: 'numeric',
+    align: 'left',
+    render: (props: MembersData) => {
+      return props.type === 'User' ? '-' : props.members;
+    },
+    customSort: (a, b) => {
+      if (a.members === 0) {
+        return -1;
+      }
+      if (b.members === 0) {
+        return 1;
+      }
+      if (a.members === b.members) {
+        return 0;
+      }
+      return a.members < b.members ? -1 : 1;
+    },
+  },
+];
diff --git a/plugins/rbac/src/components/PermissionCard.test.tsx b/plugins/rbac/src/components/PermissionCard.test.tsx
new file mode 100644
index 00000000000..06ac17586ff
--- /dev/null
+++ b/plugins/rbac/src/components/PermissionCard.test.tsx
@@ -0,0 +1,65 @@
+import React from 'react';
+
+import { renderInTestApp } from '@backstage/test-utils';
+
+import { usePermissionPolicies } from '../hooks/usePermissionPolicies';
+import { PermissionsData } from '../types';
+import { PermissionsCard } from './PermissionsCard';
+
+jest.mock('../hooks/usePermissionPolicies', () => ({
+  usePermissionPolicies: jest.fn(),
+}));
+
+const usePermissionPoliciesMockData: PermissionsData[] = [
+  {
+    permission: 'policy-entity',
+    plugin: 'permission',
+    policyString: new Set(['read', ', create', ', delete']),
+    policies: new Set([
+      {
+        policy: 'read',
+        effect: 'allow',
+      },
+      {
+        policy: 'create',
+        effect: 'allow',
+      },
+      {
+        policy: 'delete',
+        effect: 'allow',
+      },
+    ]),
+  },
+];
+
+const mockPermissionPolicies = usePermissionPolicies as jest.MockedFunction<
+  typeof usePermissionPolicies
+>;
+
+describe('PermissionsCard', () => {
+  it('should show list of Permission Policies when the data is loaded', async () => {
+    mockPermissionPolicies.mockReturnValue({
+      loading: false,
+      data: usePermissionPoliciesMockData,
+      retry: () => {},
+    });
+    const { queryByText } = await renderInTestApp(
+      <PermissionsCard entityReference="user:default/debsmita1" />,
+    );
+    expect(queryByText('Permission Policies (3)')).not.toBeNull();
+    expect(queryByText('read, create, delete')).not.toBeNull();
+  });
+
+  it('should show empty table when there are no permission policies', async () => {
+    mockPermissionPolicies.mockReturnValue({
+      loading: false,
+      data: [],
+      retry: () => {},
+    });
+    const { queryByText } = await renderInTestApp(
+      <PermissionsCard entityReference="user:default/debsmita1" />,
+    );
+    expect(queryByText('Permission Policies (0)')).not.toBeNull();
+    expect(queryByText('No permissions found')).not.toBeNull();
+  });
+});
diff --git a/plugins/rbac/src/components/PermissionsCard.tsx b/plugins/rbac/src/components/PermissionsCard.tsx
new file mode 100644
index 00000000000..e79b93fd031
--- /dev/null
+++ b/plugins/rbac/src/components/PermissionsCard.tsx
@@ -0,0 +1,65 @@
+import React from 'react';
+
+import { Table } from '@backstage/core-components';
+
+import { Card, CardContent, makeStyles } from '@material-ui/core';
+import CachedIcon from '@material-ui/icons/Cached';
+
+import { usePermissionPolicies } from '../hooks/usePermissionPolicies';
+import { columns } from './PermissionsListColumns';
+
+const useStyles = makeStyles(theme => ({
+  empty: {
+    padding: theme.spacing(2),
+    display: 'flex',
+    justifyContent: 'center',
+  },
+}));
+
+type PermissionsCardProps = {
+  entityReference: string;
+};
+
+const getRefreshIcon = () => <CachedIcon />;
+
+export const PermissionsCard = ({ entityReference }: PermissionsCardProps) => {
+  const { data, loading, retry } = usePermissionPolicies(entityReference);
+
+  const classes = useStyles();
+
+  let numberOfPolicies = 0;
+  data.forEach(p => {
+    numberOfPolicies = numberOfPolicies + p.policies.size;
+  });
+
+  return (
+    <Card>
+      <CardContent>
+        <Table
+          title={
+            !loading
+              ? `Permission Policies (${numberOfPolicies})`
+              : 'Permission Policies'
+          }
+          actions={[
+            {
+              icon: getRefreshIcon,
+              tooltip: 'Refresh',
+              isFreeAction: true,
+              onClick: () => retry(),
+            },
+          ]}
+          options={{ padding: 'default', search: true, paging: true }}
+          data={data ?? []}
+          columns={columns}
+          isLoading={loading}
+          emptyContent={
+            <div data-testid="permission-table-empty" className={classes.empty}>
+              No permissions found
+            </div>
+          }
+        />
+      </CardContent>
+    </Card>
+  );
+};
diff --git a/plugins/rbac/src/components/PermissionsListColumns.tsx b/plugins/rbac/src/components/PermissionsListColumns.tsx
new file mode 100644
index 00000000000..8e2f09aa93b
--- /dev/null
+++ b/plugins/rbac/src/components/PermissionsListColumns.tsx
@@ -0,0 +1,33 @@
+import { TableColumn } from '@backstage/core-components';
+
+import { PermissionsData } from '../types';
+
+export const columns: TableColumn<PermissionsData>[] = [
+  {
+    title: 'Plugin',
+    field: 'plugin',
+    type: 'string',
+  },
+  {
+    title: 'Permission',
+    field: 'permission',
+    type: 'string',
+  },
+  {
+    title: 'Policies',
+    field: 'policyString',
+    type: 'string',
+    customSort: (a, b) => {
+      if (a.policies.size === 0) {
+        return -1;
+      }
+      if (b.policies.size === 0) {
+        return 1;
+      }
+      if (a.policies.size === b.policies.size) {
+        return 0;
+      }
+      return a.policies.size < b.policies.size ? -1 : 1;
+    },
+  },
+];
diff --git a/plugins/rbac/src/components/RoleOverviewPage.tsx b/plugins/rbac/src/components/RoleOverviewPage.tsx
new file mode 100644
index 00000000000..2bcfc36f95a
--- /dev/null
+++ b/plugins/rbac/src/components/RoleOverviewPage.tsx
@@ -0,0 +1,35 @@
+import React from 'react';
+import { useParams } from 'react-router-dom';
+
+import { Header, Page, TabbedLayout } from '@backstage/core-components';
+
+import { Grid } from '@material-ui/core';
+
+import { AboutCard } from './AboutCard';
+import { MembersCard } from './MembersCard';
+import { PermissionsCard } from './PermissionsCard';
+
+export const RoleOverviewPage = () => {
+  const { roleName, roleKind } = useParams();
+
+  return (
+    <Page themeId="tool">
+      <Header title={`${roleKind}/${roleName}`} type="RBAC" typeLink="/rbac" />
+      <TabbedLayout>
+        <TabbedLayout.Route path="" title="Overview">
+          <Grid container direction="row">
+            <Grid item lg={12} xs={12}>
+              <AboutCard />
+            </Grid>
+            <Grid item lg={6} xs={6}>
+              <MembersCard roleName={`${roleKind}/${roleName}`} />
+            </Grid>
+            <Grid item lg={6} xs={6}>
+              <PermissionsCard entityReference={`${roleKind}/${roleName}`} />
+            </Grid>
+          </Grid>
+        </TabbedLayout.Route>
+      </TabbedLayout>
+    </Page>
+  );
+};
diff --git a/plugins/rbac/src/components/RolesList.test.tsx b/plugins/rbac/src/components/RolesList.test.tsx
index 5c79ae600e3..7bd7caeae6e 100644
--- a/plugins/rbac/src/components/RolesList.test.tsx
+++ b/plugins/rbac/src/components/RolesList.test.tsx
@@ -51,14 +51,6 @@ const RequirePermissionMock = RequirePermission as jest.MockedFunction<
 >;
 
 describe('RolesList', () => {
-  it('should show Progress when roles are still loading', async () => {
-    RequirePermissionMock.mockImplementation(props => <>{props.children}</>);
-    mockUsePermission.mockReturnValue({ loading: false, allowed: true });
-    mockUseRoles.mockReturnValue({ loading: true, data: [], retry: () => {} });
-    const { getByTestId } = await renderInTestApp(<RolesList />);
-    expect(getByTestId('roles-progress')).not.toBeNull();
-  });
-
   it('should show list of roles when the roles are loaded', async () => {
     RequirePermissionMock.mockImplementation(props => <>{props.children}</>);
     mockUsePermission.mockReturnValue({ loading: false, allowed: true });
@@ -74,7 +66,7 @@ describe('RolesList', () => {
     expect(queryByText('1 User, 1 Group')).not.toBeNull();
   });
 
-  it('should show empty state when there are no roles', async () => {
+  it('should show empty table when there are no roles', async () => {
     RequirePermissionMock.mockImplementation(props => <>{props.children}</>);
     mockUsePermission.mockReturnValue({ loading: false, allowed: true });
     mockUseRoles.mockReturnValue({ loading: false, data: [], retry: () => {} });
diff --git a/plugins/rbac/src/components/RolesList.tsx b/plugins/rbac/src/components/RolesList.tsx
index 6430b4bd262..7c9e5720b08 100644
--- a/plugins/rbac/src/components/RolesList.tsx
+++ b/plugins/rbac/src/components/RolesList.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 
-import { Progress, Table } from '@backstage/core-components';
+import { Table } from '@backstage/core-components';
 
 import { makeStyles } from '@material-ui/core';
 import Alert from '@mui/material/Alert';
@@ -34,14 +34,6 @@ export const RolesList = () => {
     retry();
   };
 
-  if (loading) {
-    return (
-      <div data-testid="roles-progress">
-        <Progress />
-      </div>
-    );
-  }
-
   const onAlertClose = () => {
     setToastMessage('');
   };
@@ -75,11 +67,12 @@ export const RolesList = () => {
         })`}
         options={{ padding: 'default', search: true, paging: true }}
         data={data}
+        isLoading={loading}
         columns={columns}
         renderSummaryRow={summary => onSearchResultsChange(summary.data)}
         emptyContent={
           <div data-testid="roles-table-empty" className={classes.empty}>
-            No roles found&nbsp;
+            No roles found
           </div>
         }
       />
diff --git a/plugins/rbac/src/components/RolesListColumns.tsx b/plugins/rbac/src/components/RolesListColumns.tsx
index 7f3dc4a80d0..840950054ed 100644
--- a/plugins/rbac/src/components/RolesListColumns.tsx
+++ b/plugins/rbac/src/components/RolesListColumns.tsx
@@ -1,6 +1,6 @@
 import React from 'react';
 
-import { TableColumn } from '@backstage/core-components';
+import { Link, TableColumn } from '@backstage/core-components';
 
 import { RolesData } from '../types';
 import { getMembers } from '../utils/rbac-utils';
@@ -11,6 +11,9 @@ export const columns: TableColumn<RolesData>[] = [
     title: 'Name',
     field: 'name',
     type: 'string',
+    render: (props: RolesData) => (
+      <Link to={`roles/${props.name}`}>{props.name}</Link>
+    ),
   },
   {
     title: 'Users and groups',
diff --git a/plugins/rbac/src/components/Router.tsx b/plugins/rbac/src/components/Router.tsx
new file mode 100644
index 00000000000..ddbe95405dd
--- /dev/null
+++ b/plugins/rbac/src/components/Router.tsx
@@ -0,0 +1,17 @@
+import React from 'react';
+import { Route, Routes } from 'react-router-dom';
+
+import { roleRouteRef } from '../routes';
+import { RbacPage } from './RbacPage';
+import { RoleOverviewPage } from './RoleOverviewPage';
+
+/**
+ *
+ * @public
+ */
+export const Router = () => (
+  <Routes>
+    <Route path="/" element={<RbacPage />} />
+    <Route path={roleRouteRef.path} element={<RoleOverviewPage />} />
+  </Routes>
+);
diff --git a/plugins/rbac/src/components/index.ts b/plugins/rbac/src/components/index.ts
index 4cdc014f03b..27096780920 100644
--- a/plugins/rbac/src/components/index.ts
+++ b/plugins/rbac/src/components/index.ts
@@ -1,2 +1,3 @@
 export { RbacPage } from './RbacPage';
 export { Administration } from './Administration';
+export { RoleOverviewPage } from './RoleOverviewPage';
diff --git a/plugins/rbac/src/hooks/useMembers.ts b/plugins/rbac/src/hooks/useMembers.ts
new file mode 100644
index 00000000000..33359dd5cf0
--- /dev/null
+++ b/plugins/rbac/src/hooks/useMembers.ts
@@ -0,0 +1,54 @@
+import React from 'react';
+import { useAsync, useAsyncRetry } from 'react-use';
+
+import { stringifyEntityRef } from '@backstage/catalog-model';
+import { useApi } from '@backstage/core-plugin-api';
+
+import { rbacApiRef } from '../api/RBACBackendClient';
+import { MembersData } from '../types';
+import { getMembersFromGroup } from '../utils/rbac-utils';
+
+export const useMembers = (roleName: string) => {
+  const rbacApi = useApi(rbacApiRef);
+  const {
+    loading: rolesLoading,
+    value: role,
+    retry,
+  } = useAsyncRetry(async () => {
+    return await rbacApi.getRole(roleName);
+  });
+
+  const { loading: membersLoading, value: members } = useAsync(async () => {
+    return await rbacApi.getMembers();
+  });
+
+  const data = React.useMemo(
+    () =>
+      role?.[0].memberReferences.reduce((acc: MembersData[], ref) => {
+        const memberResource = members?.find(
+          member => stringifyEntityRef(member) === ref,
+        );
+        if (memberResource) {
+          acc.push({
+            name:
+              memberResource.spec.profile?.displayName ??
+              memberResource.metadata.name,
+            type: memberResource.kind,
+            ref: {
+              namespace: memberResource.metadata.namespace ?? '',
+              kind: memberResource.kind.toLowerCase(),
+              name: memberResource.metadata.name,
+            },
+            members:
+              memberResource.kind === 'Group'
+                ? getMembersFromGroup(memberResource)
+                : 0,
+          });
+        }
+        return acc;
+      }, []),
+    [role, members],
+  );
+
+  return { loading: rolesLoading && membersLoading, data, retry };
+};
diff --git a/plugins/rbac/src/hooks/usePermissionPolicies.ts b/plugins/rbac/src/hooks/usePermissionPolicies.ts
new file mode 100644
index 00000000000..099e7bf826b
--- /dev/null
+++ b/plugins/rbac/src/hooks/usePermissionPolicies.ts
@@ -0,0 +1,33 @@
+import React from 'react';
+import { useAsync, useAsyncRetry } from 'react-use';
+
+import { useApi } from '@backstage/core-plugin-api';
+
+import { rbacApiRef } from '../api/RBACBackendClient';
+import { getPermissionsData } from '../utils/rbac-utils';
+
+export const usePermissionPolicies = (entityReference: string) => {
+  const rbacApi = useApi(rbacApiRef);
+  const {
+    loading: policiesLoading,
+    value: policies,
+    retry,
+  } = useAsyncRetry(async () => {
+    return await rbacApi.getPolicies();
+  });
+  const { value: permissionPolicies } = useAsync(async () => {
+    return await rbacApi.listPermissions();
+  });
+
+  const data = React.useMemo(
+    () =>
+      getPermissionsData(
+        Array.isArray(policies) ? policies : [],
+        Array.isArray(permissionPolicies) ? permissionPolicies : [],
+        entityReference,
+      ),
+    [policies, permissionPolicies, entityReference],
+  );
+
+  return { loading: policiesLoading, data, retry };
+};
diff --git a/plugins/rbac/src/plugin.ts b/plugins/rbac/src/plugin.ts
index e920e1a830c..e66fa311fd0 100644
--- a/plugins/rbac/src/plugin.ts
+++ b/plugins/rbac/src/plugin.ts
@@ -8,12 +8,13 @@ import {
 } from '@backstage/core-plugin-api';
 
 import { rbacApiRef, RBACBackendClient } from './api/RBACBackendClient';
-import { rootRouteRef } from './routes';
+import { roleRouteRef, rootRouteRef } from './routes';
 
 export const rbacPlugin = createPlugin({
   id: 'rbac',
   routes: {
     root: rootRouteRef,
+    role: roleRouteRef,
   },
   apis: [
     createApiFactory({
@@ -31,7 +32,7 @@ export const rbacPlugin = createPlugin({
 export const RbacPage = rbacPlugin.provide(
   createRoutableExtension({
     name: 'RbacPage',
-    component: () => import('./components').then(m => m.RbacPage),
+    component: () => import('./components/Router').then(m => m.Router),
     mountPoint: rootRouteRef,
   }),
 );
diff --git a/plugins/rbac/src/routes.ts b/plugins/rbac/src/routes.ts
index 723cae6f9dc..f5a6b6976fa 100644
--- a/plugins/rbac/src/routes.ts
+++ b/plugins/rbac/src/routes.ts
@@ -1,5 +1,11 @@
-import { createRouteRef } from '@backstage/core-plugin-api';
+import { createRouteRef, createSubRouteRef } from '@backstage/core-plugin-api';
 
 export const rootRouteRef = createRouteRef({
   id: 'rbac',
 });
+
+export const roleRouteRef = createSubRouteRef({
+  id: 'rbac-role-overview',
+  parent: rootRouteRef,
+  path: '/roles/:roleKind/:roleName',
+});
diff --git a/plugins/rbac/src/types.ts b/plugins/rbac/src/types.ts
index a26b1c29a68..955248a9534 100644
--- a/plugins/rbac/src/types.ts
+++ b/plugins/rbac/src/types.ts
@@ -1,3 +1,5 @@
+import { GroupEntity, UserEntity } from '@backstage/catalog-model';
+
 export type RolesData = {
   name: string;
   description: string;
@@ -7,3 +9,23 @@ export type RolesData = {
   lastModified: string;
   permissionResult: { allowed: boolean; loading: boolean };
 };
+
+export type MembersData = {
+  name: string;
+  type: 'User' | 'Group';
+  members: number;
+  ref: {
+    name: string;
+    namespace: string;
+    kind: string;
+  };
+};
+
+export type PermissionsData = {
+  plugin: string;
+  permission: string;
+  policies: Set<{ policy: string; effect: string }>;
+  policyString: Set<string>;
+};
+
+export type MemberEntity = UserEntity | GroupEntity;
diff --git a/plugins/rbac/src/utils/rbac-utils.test.ts b/plugins/rbac/src/utils/rbac-utils.test.ts
index c79319dcab7..642342bb017 100644
--- a/plugins/rbac/src/utils/rbac-utils.test.ts
+++ b/plugins/rbac/src/utils/rbac-utils.test.ts
@@ -1,4 +1,12 @@
-import { getMembers, getPermissions } from './rbac-utils';
+import { GroupEntity } from '@backstage/catalog-model';
+
+import {
+  getKindNamespaceName,
+  getMembers,
+  getMembersFromGroup,
+  getPermissions,
+  getPluginId,
+} from './rbac-utils';
 
 const mockPolicies = [
   {
@@ -45,6 +53,52 @@ const mockPolicies = [
   },
 ];
 
+const mockPermissionPolicies = [
+  {
+    pluginId: 'catalog',
+    policies: [
+      {
+        permission: 'catalog-entity',
+        policy: 'read',
+      },
+      {
+        permission: 'catalog.entity.create',
+        policy: 'create',
+      },
+    ],
+  },
+  {
+    pluginId: 'scaffolder',
+    policies: [
+      {
+        permission: 'scaffolder-template',
+        policy: 'read',
+      },
+      {
+        permission: 'scaffolder-action',
+        policy: 'use',
+      },
+    ],
+  },
+  {
+    pluginId: 'permission',
+    policies: [
+      {
+        permission: 'policy-entity',
+        policy: 'read',
+      },
+      {
+        permission: 'policy-entity',
+        policy: 'create',
+      },
+      {
+        permission: 'policy-entity',
+        policy: 'update',
+      },
+    ],
+  },
+];
+
 describe('rbac utils', () => {
   it('should list associated permissions for a role', () => {
     expect(getPermissions('role:default/guests', mockPolicies)).toBe(2);
@@ -69,4 +123,97 @@ describe('rbac utils', () => {
 
     expect(getMembers([])).toBe('No members');
   });
+
+  it('should return number of members in a group', () => {
+    let resource: GroupEntity = {
+      metadata: {
+        namespace: 'default',
+        annotations: {},
+        name: 'team-b',
+        description: 'Team B',
+      },
+      apiVersion: 'backstage.io/v1alpha1',
+      kind: 'Group',
+      spec: {
+        type: 'team',
+        profile: {},
+        parent: 'backstage',
+        children: [],
+      },
+      relations: [
+        {
+          type: 'childOf',
+          targetRef: 'group:default/backstage',
+        },
+        {
+          type: 'hasMember',
+          targetRef: 'user:default/amelia.park',
+        },
+        {
+          type: 'hasMember',
+          targetRef: 'user:default/colette.brock',
+        },
+        {
+          type: 'hasMember',
+          targetRef: 'user:default/jenny.doe',
+        },
+        {
+          type: 'hasMember',
+          targetRef: 'user:default/jonathon.page',
+        },
+        {
+          type: 'hasMember',
+          targetRef: 'user:default/justine.barrow',
+        },
+      ],
+    };
+    expect(getMembersFromGroup(resource)).toBe(5);
+
+    resource = {
+      metadata: {
+        namespace: 'default',
+        annotations: {},
+        name: 'team-b',
+        description: 'Team B',
+      },
+      apiVersion: 'backstage.io/v1alpha1',
+      kind: 'Group',
+      spec: {
+        type: 'team',
+        profile: {},
+        parent: 'backstage',
+        children: [],
+      },
+      relations: [
+        {
+          type: 'childOf',
+          targetRef: 'group:default/backstage',
+        },
+      ],
+    };
+
+    expect(getMembersFromGroup(resource)).toBe(0);
+  });
+
+  it('should return plugin-id of the policy', () => {
+    expect(getPluginId(mockPermissionPolicies, 'catalog-entity')).toBe(
+      'catalog',
+    );
+    expect(getPluginId(mockPermissionPolicies, 'scaffolder-template')).toBe(
+      'scaffolder',
+    );
+  });
+
+  it('should return kind, namespace and name from the reference', () => {
+    expect(getKindNamespaceName('role:default/xyz')).toEqual({
+      kind: 'role',
+      namespace: 'default',
+      name: 'xyz',
+    });
+    expect(getKindNamespaceName('role:abc/test')).toEqual({
+      kind: 'role',
+      namespace: 'abc',
+      name: 'test',
+    });
+  });
 });
diff --git a/plugins/rbac/src/utils/rbac-utils.ts b/plugins/rbac/src/utils/rbac-utils.ts
index 8a1c35003f4..364ecccd6ac 100644
--- a/plugins/rbac/src/utils/rbac-utils.ts
+++ b/plugins/rbac/src/utils/rbac-utils.ts
@@ -1,12 +1,21 @@
-import { isUserEntity, parseEntityRef } from '@backstage/catalog-model';
+import {
+  GroupEntity,
+  isUserEntity,
+  parseEntityRef,
+} from '@backstage/catalog-model';
 
-import { RoleBasedPolicy } from '@janus-idp/backstage-plugin-rbac-common';
+import {
+  PermissionPolicy,
+  RoleBasedPolicy,
+} from '@janus-idp/backstage-plugin-rbac-common';
+
+import { MembersData, PermissionsData } from '../types';
 
 export const getPermissions = (
   role: string,
   policies: RoleBasedPolicy[],
 ): number => {
-  if (!policies || policies?.length === 0) {
+  if (!policies || policies?.length === 0 || !Array.isArray(policies)) {
     return 0;
   }
   return policies.filter(
@@ -14,33 +23,127 @@ export const getPermissions = (
   ).length;
 };
 
-export const getMembers = (memberReferences: string[]): string => {
-  if (!memberReferences || memberReferences.length === 0) {
+export const getMembersString = (res: {
+  users: number;
+  groups: number;
+}): string => {
+  let membersString = '';
+  if (res.users > 0) {
+    membersString = `${res.users} ${res.users > 1 ? 'Users' : 'User'}`;
+  }
+  if (res.groups > 0) {
+    membersString = membersString.concat(
+      membersString.length > 0 ? ', ' : '',
+      `${res.groups} ${res.groups > 1 ? 'Groups' : 'Group'}`,
+    );
+  }
+  return membersString;
+};
+
+export const getMembers = (members: (string | MembersData)[]): string => {
+  if (!members || members.length === 0) {
     return 'No members';
   }
 
-  const res = memberReferences.reduce(
+  const res = members.reduce(
     (acc, member) => {
-      const entity = parseEntityRef(member) as any;
-      if (isUserEntity(entity)) {
-        acc.users++;
+      if (typeof member === 'object') {
+        if (member.type === 'User') {
+          acc.users++;
+        } else {
+          acc.groups++;
+        }
       } else {
-        acc.groups++;
+        const entity = parseEntityRef(member) as any;
+        if (isUserEntity(entity)) {
+          acc.users++;
+        } else {
+          acc.groups++;
+        }
       }
       return acc;
     },
     { users: 0, groups: 0 },
   );
 
-  let members = '';
-  if (res.users > 0) {
-    members = `${res.users} ${res.users > 1 ? 'Users' : 'User'}`;
+  return getMembersString(res);
+};
+
+export const getMembersFromGroup = (group: GroupEntity): number => {
+  const membersList = group.relations?.reduce((acc, relation) => {
+    let temp = acc;
+    if (relation.type === 'hasMember') {
+      temp++;
+    }
+    return temp;
+  }, 0);
+  return membersList || 0;
+};
+
+export const getPluginId = (
+  permissions: PermissionPolicy[] | undefined,
+  permission: string | undefined,
+): string => {
+  if (!permissions || !Array.isArray(permissions)) {
+    return '-';
   }
-  if (res.groups > 0) {
-    members = members.concat(
-      members.length > 0 ? ', ' : '',
-      `${res.groups} ${res.groups > 1 ? 'Groups' : 'Group'}`,
-    );
+
+  return (
+    permissions?.find(
+      p => p.policies?.find(pol => pol.permission === permission),
+    )?.pluginId || '-'
+  );
+};
+
+export const getPermissionsData = (
+  policies: RoleBasedPolicy[],
+  permissionPolicies: PermissionPolicy[],
+  entityReference: string,
+): PermissionsData[] => {
+  if (!policies || !Array.isArray(policies)) {
+    return [];
   }
-  return members;
+  return policies.reduce((acc: PermissionsData[], policy: RoleBasedPolicy) => {
+    if (policy?.effect && policy.effect !== 'deny') {
+      const permission = acc.find(
+        plugin =>
+          policy.entityReference === entityReference &&
+          plugin.permission === policy.permission &&
+          !plugin.policies.has({
+            policy: policy?.policy || 'use',
+            effect: 'allow',
+          }),
+      );
+      if (permission) {
+        permission.policyString.add(
+          policy.policy ? `, ${policy.policy}` : ', use',
+        );
+        permission.policies.add({
+          policy: policy.policy || 'use',
+          effect: policy.effect,
+        });
+      } else if (policy.entityReference === entityReference) {
+        const policyString = new Set<string>();
+        const policiesSet = new Set<{ policy: string; effect: string }>();
+        acc.push({
+          permission: policy.permission || '-',
+          plugin: getPluginId(permissionPolicies, policy?.permission) || '-',
+          policyString: policyString.add(policy.policy || 'use'),
+          policies: policiesSet.add({
+            policy: policy.policy || 'use',
+            effect: policy.effect,
+          }),
+        });
+      }
+    }
+    return acc;
+  }, []);
+};
+
+export const getKindNamespaceName = (roleRef: string) => {
+  const refs: string[] = roleRef.split(':');
+  const kind = refs[0];
+  const namespace = refs[1].split('/')[0];
+  const name = refs[1].split('/')[1];
+  return { kind, namespace, name };
 };