How to Restrict User Access to Entity types based on Custom roles ?

Question

How to Restrict User Access to Entity types based on Custom roles?

Answer

Yes, this can be achieved on the basis of setting permission for the user based on entity types/ attributes. 

Reltio applications support roles-based metadata security. Each role has a list of resources with operations that this role can do with each resource. Security can be set on the entity/relationship type level or for individual attributes.

Setting Permissions on Entity Types

POST {ServiceURI}/permissions/{tenant}
Headers: Authorization: Bearer <Access-Token>, Content-Type: application/json 
Body:
[
  {
    "uri":"configuration/entityTypes",
    "permissions":[
      {
        "role": "API_USER",
        "access":["READ"]
      },
      {
        "role": "UI_USER",
        "access":["READ"]
      }
    ]
  },
  {
    "uri":"configuration/entityTypes/HCP",
    "permissions":[
      {
        "role": "API_USER",
        "access":["CREATE", "READ", "UPDATE"]
      }
    ]
  }
]

Setting Permissions on Attributes 

POST {ServiceURI}/permissions/{tenant}
Headers: Authorization: Bearer <Access-Token>, Content-Type: application/json
Body:
[
  {
    "uri": "configuration/entityTypes/HCP/attributes/Name",
    "permissions": [
      {
        "role": "ROLE_READ",
        "access": ["CREATE", "READ", "UPDATE"]
      }
    ]
  }
]
Note: For a newly created tenant, metadata security is disabled. It is enabled when any permissions configuration (even an empty configuration) is applied to the tenant.

The tenant configuration API request supports an option showAccess. If this option is enabled, the business model configuration of a tenant is returned along with access level specifications for all entity types, relationship types, and attributes.

 

Note: Default roles can't be used in the tenant metadata permissions.

Applying permissions to a specific attribute value

{
"uri": "configuration/entityTypes/entityType",
"permissions": [
{
"role": "ROLE_NAME",
"filter": "not equals(attributes.attributeName, 'true')",
"access": [
"CREATE",
"UPDATE",
"DELETE",
"MERGE",
"UNMERGE"
]
},
....
]
}

 

Getting Tenant Configuration with Access

GET {TenantURL}/configuration?options=showAccess

 

References

https://docs.reltio.com/security/metadatasecurity.html

Was this article helpful?
2 out of 2 found this helpful

Comments

3 comments
  • What is the underlying value of {ServiceURI} ?

    2
  • To add the the above question, what is the value of {tenant}, does it include the full path or just the tenant ID?

    0
  • Hi, here are some clarifications on the query:

    https://{environment}.reltio.com/reltio/permissions/{Tenant ID}

    Hope this helps!

    2

Please sign in to leave a comment.