Unify and manage your data

Service access permissions

Learn about the access permissions to assign to service resources and sub resources.

Reltio defines the access privileges that are appropriate for each resource or sub resource of a service to define what actions authenticated users are permitted to take:
  • CREATE
  • READ
  • UPDATE
  • DELETE
  • EXECUTE
Assign access privileges for specific Reltio service resources when you create or edit custom roles with either the:
The sub topics in this section provide the information you need to assign Reltio service access privileges to a custom role:
Permissions for
The functionality the privileges provide access to, for example, Configuring metadata security permissions for Tenant Management API endpoints.
Access rights (resource/ sub resource)
The IDs of the resources and sub resources for the service.
Access privileges (CREATE, READ, UPDATE, DELETE, EXECUTE)
The actions authenticated users are permitted to take on that service resource and sub resource.
API endpoint (HTTP method and URI)
The method and endpoint to specify in the Permissions management to create a role with permissions for the resource and sub resource.
UI label

The name of the functionality in the Console User Management application to create a role with permissions for the resource and sub resource.

Examples

This section shows you how to use the information in the Authorization service access permissions topic to create a custom role for the Export service with privileges for extracting activities data from a tenant.

To assign the Export service access permissions from the UI:
  1. In the Console User Management app, open the custom role you want to assign these permissions to.

  2. Open an existing custom role or create a new one.

  3. In the Create/edit role dialog box, search for or scroll down to the Export Service.

  4. Select the check box for the Activities resource.

  5. Select Save.

To assign the Export service access permissions using the API:

  1. For the desired API endpoint ( POST /export/{tenantId}/activities), find the:.

    • resource and.sub resource IDs ( data.activities)

    • defined privileges (EXECUTE)

  2. Supply these values in the body of the Permissions Management:
    POST {oauth_uri}/customers/{customerId}/roles/permissions
    Headers: Authorization: Bearer <Access-Token>
    Request Body:
    [{
        "roleName": "ROLE_EXPORT_CUSTOM_ACTIVITIES",
        "servicePermissions": [
            {
                "id": "export",
                "resourcePermissions": [
                    {
                        "id": "data",
                        "resourcePermissions": [
                            {
                                "id": "activities",
                                "allowedPrivileges": [
                                    "EXECUTE"
                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }]