
Role assignments behavior

The Reltio platform enables you to assign tenant-specific user roles in metadata security.

Metadata security restricts access to your tenant data. Interested in defining the types of entities and relations a user can access, or in filtering access to a subset of entities or relations? Raise a Support ticket to enable metadata security (for details, see topic Need some help?).

Note: Metadata security isn’t compatible with analytics attributes. You can’t apply metadata security rules to analytics attributes.
Define how you want to treat role assignments in metadata security rules, such as whether or not to explicitly consider tenant assignment when evaluating the rules:
  • Tenant per role assignment:

    In this scenario, the metadata security framework checks the tenant assignment to assess whether or not a given user has a role assigned. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user has ROLE_DATA_STEWARD for any other tenant (or no tenant at all), they won't be able to update entities.

  • Role assignment:

    In this scenario, the metadata security framework does not check the tenant assignment to assess whether a given user has a role assigned or not. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user has ROLE_DATA_STEWARD for any other tenant (or no tenant at all), they will be able to update entities in any tenant, including the production tenant.
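The difference between the two modes, modeled as an added example (this is not Reltio code or the Reltio API; the classes, function names, users and tenant names are hypothetical). It lists the users who pass a rule's role check only when tenant assignment is ignored, which is the set to review before choosing the Role assignment mode.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    tenant: Optional[str]  # None models a role assigned with no tenant at all


@dataclass(frozen=True)
class Rule:
    role: str    # role the rule grants the action to
    tenant: str  # tenant the rule applies in
    action: str


def has_role(assignments, user, rule, tenant_per_role):
    """Role check for one rule under the chosen mode (hypothetical model).

    tenant_per_role=True  -> "Tenant per role assignment": tenant must match.
    tenant_per_role=False -> "Role assignment": tenant is not checked.
    """
    for a in assignments:
        if a.user != user or a.role != rule.role:
            continue
        if not tenant_per_role or a.tenant == rule.tenant:
            return True
    return False


def exposure_diff(assignments, rule):
    """Users who pass the rule only when tenant assignment is ignored."""
    users = sorted({a.user for a in assignments})
    return [u for u in users
            if has_role(assignments, u, rule, tenant_per_role=False)
            and not has_role(assignments, u, rule, tenant_per_role=True)]


# Constructed sample data, not taken from any real tenant.
ASSIGNMENTS = [
    Assignment("alice", "ROLE_DATA_STEWARD", "production"),
    Assignment("bob", "ROLE_DATA_STEWARD", "development"),
    Assignment("carol", "ROLE_DATA_STEWARD", None),
    Assignment("dave", "ROLE_READONLY", "production"),
]
RULE = Rule(role="ROLE_DATA_STEWARD", tenant="production", action="update")

if __name__ == "__main__":
    print("Allowed only without the tenant check:", exposure_diff(ASSIGNMENTS, RULE))
```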

This figure illustrates some of the benefits of metadata security.
  • Use the same role names and definitions across multiple tenants.

    This enables you to develop a new role definition in a development environment and then promote it to test and production environments without change. Notice that the definitions of the ROLE_READONLY and ROLE_FULLACCESS roles are identical in all three tenants.

  • Assign a user different roles for different tenants.

    This enables you to give a user the appropriate permissions in each tenant. Notice that the user is assigned the ROLE_FULLACCESS role in the development tenant and the ROLE_READONLY role in the test and production tenants.