Role-based access control (RBAC) for RDM

Learn how role-based access control (RBAC) for Reference Data Management (RDM) enhances data security by limiting access based on user roles, using custom roles, granular permissions, and API-driven configurations.

Role-based access control (RBAC) for RDM is a security mechanism that works alongside Reltio API permissions to restrict access to RDM tenant data. Data access is limited based on user roles, ensuring that users can only access information related to their responsibilities.

Benefits

Implementing RBAC for RDM enhances data security and compliance by allowing you to define roles and permissions according to your organizational policies. This control is crucial for managing sensitive data, ensuring users access only the information they are authorized to view or modify, thereby maintaining data integrity and security.

Key features

The key features to achieve the benefits of RBAC for RDM are:

Custom Roles
Administrators create custom roles tailored to specific job functions within the organization.
Granular Permissions
Permissions are assigned at a detailed level, including access to specific lookup types and canonical codes.
API-Driven Configuration
All role and permission configurations are managed through a set of robust APIs, allowing for seamless integration and automation.

For the terms used in the security model, see the Terminology topic.

Best practices

Prefixes for role-based access
To facilitate role-based access, use specific prefixes for canonical codes that correspond to different user roles. This way, users with specific roles can easily be restricted to viewing or editing only the values relevant to their department. For example:
  • FIN_ for Finance-related data accessible only by users with the ROLE_RDM_FINANCE role.
  • HR_ for HR-related data accessible only by users with the ROLE_RDM_HR role.

Hierarchical or dependent lookup permissions
Set up permissions for parent and child lookups separately. Permissions for a parent lookup type do not automatically grant access to child lookups. Each lookup type should have explicit permissions defined.
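
The two practices above can be checked before rollout with a small audit. The following is an added example, not Reltio code and not the RDM API or its configuration format: it uses a hypothetical in-memory model, and the lookup type names, canonical codes and role grants are constructed sample data (only the FIN_/HR_ prefixes and the two role names come from this page).

```python
# Hypothetical model for illustration; not the Reltio RDM API or config format.
PREFIX_ROLES = {"FIN_": "ROLE_RDM_FINANCE", "HR_": "ROLE_RDM_HR"}  # from the page

# Constructed sample data: lookup type -> parent lookup type (None = top level)
LOOKUP_PARENTS = {"Department": None, "CostCenter": "Department", "JobGrade": None}
# Constructed sample data: lookup type -> canonical codes
CANONICAL_CODES = {
    "Department": ["FIN_TREASURY", "HR_PAYROLL", "LEGAL"],
    "CostCenter": ["FIN_CC100", "FIN_CC200"],
    "JobGrade": ["HR_G1", "HR_G2"],
}
# Constructed sample data: role -> lookup types with an explicit permission
ROLE_LOOKUPS = {
    "ROLE_RDM_FINANCE": {"Department"},
    "ROLE_RDM_HR": {"Department", "JobGrade"},
}

def role_prefixes(role):
    """Canonical-code prefixes reserved for a role."""
    return tuple(p for p, r in PREFIX_ROLES.items() if r == role)

def visible_codes(role, lookup_type):
    """Codes a role may see: explicit lookup-type grant AND a matching prefix."""
    if lookup_type not in ROLE_LOOKUPS.get(role, set()):
        return []  # a grant on the parent lookup type is never inherited
    return [c for c in CANONICAL_CODES[lookup_type]
            if c.startswith(role_prefixes(role))]

def audit():
    """Report codes outside the prefix scheme and children missing a grant."""
    findings = []
    for lookup_type, codes in CANONICAL_CODES.items():
        for code in codes:
            if not code.startswith(tuple(PREFIX_ROLES)):
                findings.append(("unprefixed_code", lookup_type, code))
    for role, granted in ROLE_LOOKUPS.items():
        for child, parent in LOOKUP_PARENTS.items():
            # Only flag children that actually hold codes meant for this role.
            relevant = any(c.startswith(role_prefixes(role))
                           for c in CANONICAL_CODES[child])
            if parent in granted and child not in granted and relevant:
                findings.append(("child_not_granted", role, child))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```
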

Limitations

Property Filter Limitations
The property filter in RBAC configuration does not support the inSameAttributeValue expression.
Lookup Types, Hierarchy View and Export Page
The Lookup types, Hierarchy View and Export page contain all lookup type names, even when the user does not have any access to them.
Data Change Requests (DCRs)
Data Change Requests do not support role-based access.
API and UI Restrictions
RDM RBAC on the MDM side is only applicable to API endpoints that return RDM lookup values and to MDM UI dropdown boxes displaying available attribute values linked with RDM lookups.