Hide/Show Profile Information Based on User Roles

This feature allows you to control the visibility of the profile data for certain users.

Overview

The two settings that are supported in this feature are listed below.

  • Hide/Show Attributes (Profile and Crosswalk View):

    You may want to restrict some of the users from accessing or viewing certain attributes. You can configure role based user-access to ensure that certain attributes and their values are hidden from certain users.

  • Hide/Show Source Systems (Crosswalk View):

    Some sources may contain sensitive customer data that you may not want to display to all the users. You may want to make this data visible only to certain authorized users. By using this feature, you can limit the visibility of values from certain source systems based on user roles. For a user role, you can configure which sources can be hidden. When a source is set as hidden for a user role, none of the values from that source are visible to that specific user. The OV values will be calculated for any logged in user based on the source systems that the user is authorized to view.

Impact Analysis of This Feature

Please note that this feature affects the details shown in the Profile and Crosswalk views only. You must review the following points carefully before using this feature:

  • The Show/Hide feature is designed to work only in the Profile and Crosswalks pages in the Hub.
  • Users who are restricted from viewing any data in the Profile page will still be able to access it using GET, SCAN, or any other API that allows extraction of data from Reltio platform.
  • The configured hidden attribute or source systems will still be searchable from the Hub and will be visible on the search filter facets.

Configuring Sources and/or Attributes

We have introduced a custom script that you can use to configure as per your requirements. This configuration must be done in the Hub configuration. This functionality allows you to define which sources must be hidden for selected user roles. In addition, you can use the same script to define certain attributes that can be hidden based on the setting of a master attribute value and user roles. For more details, please refer the Hub Configuration example given below.

Hub Configuration Example

{
   "point": "com.reltio.plugins.ui.custom_script",
   "id": "com.reltio.plugins.entity.org.CheckEntityScript",
   "class": "com.reltio.plugins.ui.CustomScript",
   "sources": [
      {
         "roles": ["ROLE_AE", "ROLE_DS"],
         "includeSources": null,
         "excludeSources": ["configuration/sources/AHA", "configuration/sources/ABC"]
      },
      {
         "roles": ["ROLE_USER"],
         "includeSources": ["configuration/sources/ABC"],
         "excludeSources": null
      },
      {
         "roles": ["ROLE_ADMIN"],
         "includeSources": null,
         "excludeSources": []
      }
   ],
   "attributes": [
      {
         "roles": ["ROLE_AE", "ROLE_DS"],
         "masterAttributeType": "configuration/entityTypes/HCO/attributes/Phone/attributes/Active",
         "masterAttributeValueToHide": "false",
         "controlledAttributeTypes": [
            "configuration/entityTypes/HCO/attributes/Phone/attributes/Number"
         ]
      },
      {
         "roles": ["ROLE_USER"],
         "masterAttributeType": "configuration/entityTypes/HCO/attributes/Target",
         "masterAttributeValueToHide": "US",
         "controlledAttributeTypes": [
            "configuration/entityTypes/HCO/attributes/Name"
         ]
      },
      {
         "roles": ["ROLE_GLOBAL_DS_LEV"],
         "flagSubAttributeType": "configuration/relationTypes/HasAddress/attributes/AddressType",
         "flagSubAttributeValueToHide": "Residential"
      }
   ],
   "canSeeAllAttributes": ["ROLE_ADMIN"],
   "action": {
      "processApiRequest": [
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/?_]+/?($|\\?.*)",
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/_]+/_update/?($|\\?.*)"
      ],
      "processApiResponse": [
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/_]+/attributes/[^?]+\\?crosswalkValue=.+"
      ],
      "files": ["https://reltio-ui-files.s3.amazonaws.com/custom-scripts/hideAttr.js"],
      "permissions": [
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/?_]+/?($|\\?.*)",
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/?_]+/_slice?($|\\?.*)",
         "https://[^.]+.reltio.com/reltio/api/[^/]+/entities/[^/_]+/_update/?($|\\?.*)"
      ]
   }
}   

Details regarding configuring the “sources” block:

The "sources" configuration block allows you to specify the sources to be included or excluded for a particular user role. If a user has several roles assigned, then, Reltio platform combines all the inclusions/exclusions of sources, specified for each role.

Based on the example given above, please note the following points:

  1. Usage of null translates to not defining any configuration; whereas, usage of [ ] (empty square brackets) indicates that no sources are excluded.
  2. "ROLE_AE" and "ROLE_DS" roles provide access to all sources, except AHA and ABC.
  3. "ROLE_USER" role provides access only to the ABC source.
  4. If both include and exclude properties are defined in a single block, then only the include property is used (the exclude property is ignored).

Details regarding configuring the “attributes” block:

The "attributes" configuration block allows you to specify a master attribute. This master attribute behaves as a controller to enable you to specify which attributes can be controlled. The controlled attributes can be shown/hidden for a particular user role.

Just like you can show/hide an attribute, you can show/hide specific nested values as well. To do so, you must specify the sub-attribute that Reltio platform must pay attention to. For example, if your sub-attribute type is "Address" and you do not wish to display the values for "residential" addresses, you can specify "Address" as the "flagSubAttributeType" and use the "flagSubAttributeValueToHide" setting for "residential".

Note: It is important to note that though the example lists an attribute/value pair, you can decide the exact details that you wish to specify based on your requirement. The values for none of the following properties are hard-coded:
  • "masterAttributeType"
  • "masterAttributeValueToHide"
  • "controlledAttributeTypes"
  • "flagSubAttributeType"
  • "flagSubAttributeValueToHide"
  • "canSeeAllAttributes"

Based on the example given above, please note the following points:

  1. When the "masterAttributeValueToHide" property is set to true for a master attribute, all the controlled attributes are hidden for the users with that role.
  2. When a sub-attribute type is specified as "flagSubAttributeType", and the "flagSubAttributeValueToHide" property is set for specific nested values, then all the specific nested values of the marked sub-attribute type are hidden for the specified role.
  3. The "canSeeAllAttributes" property allows users of that particular role to view all attributes, irrespective of the settings done in the 'attributes' section of the configuration.
Note: Do not edit the "action" section of the Hub Configuration as it may cause undesirable behavior.