Role assignments behavior
Reltio platform enables you to assign tenant-specific user roles in metadata security.
Interested in defining the types of entities and relations a user can access or filtering the access to a subset of entities or relations? Use role assignments from the metadata security framework to restrict access to your tenant data. For details on enabling and configuring metadata security, see topic Metadata Security.
Role assignment types
-
Tenant per role assignment (default):
This is the default configuration. The metadata security framework checks the tenant assignment to assess whether or not a given user has a role assigned for a given tenant. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user only has the ROLE_DATA_STEWARD for other tenants but not production (or no tenant at all), then the user won't be able to update entities in the production tenant.
-
Role assignment:
In this scenario, the metadata security framework doesn't check the tenant assignment to assess whether a given user has a role assigned or not for a given tenant. For example, if a rule allows ROLE_DATA_STEWARD to update entities in the production tenant and the user has ROLE_DATA_STEWARD for any tenant, then the user will be able to update entities in any tenant, including the production tenant.
Role assignment benefits
-
Use the same role names and definitions across multiple tenants.
This enables you to develop a new role definition in a development environment and then promote it to test and production environments without change. Notice that the definitions of the ROLE_READONLY and ROLE_FULLACCESS roles are identical in all the three tenants.
-
Assign a user different roles for different tenants.
This enables you to provide a user role access with appropriate permissions to different tenants.Notice that the the user is assigned the
ROLE_FULLACCESS
role in the development tenant and theROLE_READONLY
role in the test and production tenants.
This figure illustrates the benefits of metadata security