Role assignments behavior

The Reltio platform enables you to assign tenant-specific user roles in metadata security.

Interested in defining the types of entities and relations a user can access or filtering the access to a subset of entities or relations? Use role assignments from the metadata security framework to restrict access to your tenant data. For details on enabling and configuring metadata security, see topic Metadata Security.

Note: Metadata security isn’t compatible with analytics attributes. You can’t apply metadata security rules to analytics attributes.

Role assignment types

Define how you want to treat role assignments in metadata security rules, such as whether or not to explicitly consider tenant assignment when evaluating the rules:
  • Tenant per role assignment (default):

    This is the default configuration. The metadata security framework checks the tenant assignment to assess whether or not a given user has a role assigned for a given tenant. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user only has the ROLE_DATA_STEWARD for other tenants but not production (or no tenant at all), then the user won't be able to update entities in the production tenant.

  • Role assignment:

    In this scenario, the metadata security framework doesn't check the tenant assignment to assess whether a given user has a role assigned or not for a given tenant. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user has ROLE_DATA_STEWARD for any tenant, then the user will be able to update entities in any tenant, including the production tenant.

Note: Tenant per role assignment has been the default since July 2024. Prior to that, the default was Role assignment.
Note: To change the type of role assignment for your tenants, open a Support request. See topic Get help in Support Portal.
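
The two evaluation modes above, modeled as an added Python example (not Reltio code or its API; the `Assignment` and `Rule` classes, the mode constants and the user names are constructed for illustration). It also lists the users whose access under a rule exists only with Role assignment evaluation, which is the set to review before a tenant changes mode.

```python
from dataclasses import dataclass
from typing import Optional

TENANT_PER_ROLE = "tenant_per_role"  # default: the tenant assignment is checked
ROLE_ONLY = "role_assignment"        # the tenant assignment is not checked

@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    tenant: Optional[str]  # None models a role held with "no tenant at all"

@dataclass(frozen=True)
class Rule:
    role: str       # role the rule grants the operation to
    tenant: str     # tenant whose entities the rule covers
    operation: str

def is_allowed(user, rule, assignments, mode):
    """True if `user` holds rule.role in a way that satisfies `mode`."""
    for a in assignments:
        if a.user != user or a.role != rule.role:
            continue
        # Role-only mode: holding the role anywhere is enough (assumed to
        # include a role with no tenant, since the tenant is never checked).
        if mode == ROLE_ONLY or a.tenant == rule.tenant:
            return True
    return False

def mode_dependent_users(rule, assignments):
    """Users allowed under role-only evaluation but denied under tenant-per-role."""
    users = sorted({a.user for a in assignments})
    return [u for u in users
            if is_allowed(u, rule, assignments, ROLE_ONLY)
            and not is_allowed(u, rule, assignments, TENANT_PER_ROLE)]

# Constructed sample data: the rule from the examples above plus four users.
RULE = Rule("ROLE_DATA_STEWARD", "production", "update")
ASSIGNMENTS = [
    Assignment("alice", "ROLE_DATA_STEWARD", "production"),
    Assignment("bob", "ROLE_DATA_STEWARD", "development"),
    Assignment("carol", "ROLE_DATA_STEWARD", None),
    Assignment("dave", "ROLE_READONLY", "production"),
]

if __name__ == "__main__":
    print(mode_dependent_users(RULE, ASSIGNMENTS))
```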

Role assignment benefits

Benefits of the role assignments:
  • Use the same role names and definitions across multiple tenants.

    This enables you to develop a new role definition in a development environment and then promote it to test and production environments without change. Notice that the definitions of the ROLE_READONLY and ROLE_FULLACCESS roles are identical in all three tenants.

  • Assign a user different roles for different tenants.

    This enables you to provide a user role access with appropriate permissions to different tenants. Notice that the user is assigned the ROLE_FULLACCESS role in the development tenant and the ROLE_READONLY role in the test and production tenants.

This figure illustrates the benefits of metadata security