Managing Roles, Users and Tenants
You can use Roles as the primary mechanism to grant privileges to a user account.
Working with Roles
You can define roles and specify their permissions to control your users' access, as required. By associating roles with tenants, you can grant or restrict user access to your data.
- System roles: These are the default roles provided by Reltio to enable your access to the Reltio Platform. You cannot edit these predefined roles because their permissions are managed in the Reltio Platform. Each System role can provide access either to a single module/service or to a combination of several modules/services. For more information, see Exploring all System Roles.
- Custom roles: You can create your own custom roles to provide access to your users as required. The permissions for these roles are owned and managed by the respective customers. These roles are available only within the scope of each customer.
Managing Users and Tenant Access
As a user, you need a Role and a Tenant to access any Reltio service. Your access is limited to the role that is assigned to you. Consider the example where two roles are assigned to you. In the first role (Role A), you may have the Create privilege on Resource A in Reltio Service X. Similarly, through the second role (Role B), you may have the Execute privilege on Resource B in Reltio Service Y. Your roles will be tied to your tenant assignments and you will be able to access Tenant 1 or Tenant 2 depending upon the role mapped to those tenants.
You can assign tenants to a role, and you can also assign roles to a tenant. The roles that apply to specific tenants are called Tenant-specific Roles. Through these roles, you can provide restricted access to your tenants. This ability allows you to give a user different types of access rights for different tenants, as required. The Security model ensures that users access each tenant with the minimum privileges required to perform the tasks.
While assigning a role, you can specify the Tenant ID for which the specific role is applicable. For example, you can associate Role A with Tenant 1 and Role B with Tenants 2 and 3. This ensures that a user/group with Role A cannot access Tenants 2 and 3.
Managing Groups
You can create Groups for the users who need the same kind of access. This feature enables you to easily manage the access provided to multiple users, on a single tenant or on multiple tenants.
Groups and users have exactly the same kind of access management features. The advantage of using Groups is the ease of managing access at the group level for multiple users, instead of at the individual user level. Several users can be associated with groups that provide the right set of access.
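The tenant-scoped role model described above (Role A on Tenant 1, Role B on Tenants 2 and 3, with access granted directly or through a group) can be sketched as a deny-by-default permission check. This is an added example, not Reltio code or its API: the data layout, the names `Principal`, `effective_roles`, `is_allowed` and `access_report`, the user `alice`, the group `stewards`, and the rule that a user's access is the union of direct and group assignments are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed data: role names, privileges and tenant IDs mirror the example in
# the text; the data layout is an assumption, not Reltio's API or storage format.
ROLE_PERMISSIONS = {
    "Role A": {("Service X", "Resource A", "Create")},
    "Role B": {("Service Y", "Resource B", "Execute")},
}

@dataclass
class Principal:
    """A user or a group: both carry role-to-tenant assignments."""
    name: str
    assignments: dict = field(default_factory=dict)  # role -> set of tenant IDs
    groups: list = field(default_factory=list)       # groups a user belongs to

def effective_roles(principal, tenant):
    """Roles that apply on `tenant`, from direct and group assignments."""
    roles = {r for r, tenants in principal.assignments.items() if tenant in tenants}
    for group in principal.groups:
        roles |= effective_roles(group, tenant)
    return roles

def is_allowed(principal, tenant, service, resource, privilege):
    """Deny by default; allow only if a role scoped to this tenant grants it."""
    return any((service, resource, privilege) in ROLE_PERMISSIONS.get(role, set())
               for role in effective_roles(principal, tenant))

def access_report(principal, tenants):
    """Per-tenant view of effective permissions, for access reviews."""
    report = {}
    for tenant in tenants:
        perms = set()
        for role in effective_roles(principal, tenant):
            perms |= ROLE_PERMISSIONS.get(role, set())
        report[tenant] = sorted(perms)
    return report

# Constructed sample: Role A on Tenant 1 directly, Role B on Tenants 2 and 3 via a group.
stewards = Principal("stewards", {"Role B": {"Tenant 2", "Tenant 3"}})
alice = Principal("alice", {"Role A": {"Tenant 1"}}, [stewards])

if __name__ == "__main__":
    for tenant, perms in access_report(alice, ["Tenant 1", "Tenant 2", "Tenant 3"]).items():
        print(tenant, perms)
```

A report of this shape makes it easy to review whether each user's effective access on every tenant matches the minimum the user needs.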
Assigning Roles
You can use the User Management application in Console to manage user accounts, roles, tenants and groups for providing appropriate access to the users. For more information, see User Management.