RDM (Reference Data Management) roles are essential for defining and managing access permissions within your system. They can be divided into three main categories: Read-Only, Read & Suggest, and Read & Write. Each category serves a specific purpose and grants users varying degrees of access to lookup types, lookup codes, and sources.
2.1. Read-Only Role:
Role Name: ROLE_RDM
Description: Users with this role can only read lookup types, lookup codes, and sources. They do not have the capability to make any changes to the data.
2.2. Read & Suggest Role:
Role Name: ROLE_RDM, ROLE_RDM_SUGGEST
Description: Users with this role can read lookup types and sources, similar to the Read-Only role. Additionally, they have the ability to suggest changes to lookup codes, providing a collaborative approach to data management.
2.3. Read & Write Role:
Role Name: ROLE_RDM, ROLE_RDM_EDIT
Description: Users with this role can read lookup types and sources, just like the Read-Only role. In addition, they can make changes to lookup codes. However, users with this role are not allowed to add new lookup types.
2.4. Adding Lookup Type Creation Permissions:
If a user needs to create or modify lookup types in addition to having write access to lookup codes, the ROLE_ADMIN_TENANT role should be added to their account. This role grants users the necessary permissions to manage lookup types effectively.
Implementing the recommended RDM roles and permissions strategy outlined in this document ensures that your organization's users have the appropriate level of access to reference data while maintaining data integrity and security. By following this role-based approach, you can efficiently manage user groups and their permissions within the system, providing a solid foundation for your organization's data management processes.