How can I define a filter on a source system in the permissions API?

Question

How can I define a filter on a source system in the permissions API?

Answer

Metadata security can be used to filter the results for entity objects and attributes. Source system filtering applies to the following endpoints:

  • GET /{tenant}/entities/{id}
  • POST /{tenant}/entities/{id}
  • DELETE /{tenant}/entities/{id}
  • POST /{tenant}/entities/{id}/_update

To enable source system filtering, create roles that specify the source systems to which access is limited and the privileges granted on them.

The minimum privilege is READ:

[
  {
    "uri": "configuration/entityTypes/HCP",
    "permissions": [
      {
        "role": "ROLE_FB_READ",
        "filter": "equals(sourceSystems,'FB')",
        "access": [
          "READ"
        ]
      }
    ]
  }
]

The above example limits results for configuration/entityTypes/HCP to entities from the configuration/sources/FB source.

The filtered results are the same as those returned by calling the {tenant}/entities/{id}/_slice endpoint.

The permissions can be configured at a granular level, with one role per source system and privilege:

[
  {
    "uri": "configuration/entityTypes/HCP",
    "permissions": [
      {"role": "ROLE_FB_CREATE", "filter": "equals(sourceSystems,'FB')", "access": ["CREATE"]},
      {"role": "ROLE_FB_READ", "filter": "equals(sourceSystems,'FB')", "access": ["READ"]},
      {"role": "ROLE_FB_UPDATE", "filter": "equals(sourceSystems,'FB')", "access": ["UPDATE"]},
      {"role": "ROLE_FB_DELETE", "filter": "equals(sourceSystems,'FB')", "access": ["DELETE"]},

      {"role": "ROLE_TWITTER_CREATE", "filter": "equals(sourceSystems,'TWITTER')", "access": ["CREATE"]},
      {"role": "ROLE_TWITTER_READ", "filter": "equals(sourceSystems,'TWITTER')", "access": ["READ"]},
      {"role": "ROLE_TWITTER_UPDATE", "filter": "equals(sourceSystems,'TWITTER')", "access": ["UPDATE"]},
      {"role": "ROLE_TWITTER_DELETE", "filter": "equals(sourceSystems,'TWITTER')", "access": ["DELETE"]},

      {"role": "ROLE_VEEVA_CREATE", "filter": "equals(sourceSystems,'Veeva')", "access": ["CREATE"]},
      {"role": "ROLE_VEEVA_READ", "filter": "equals(sourceSystems,'Veeva')", "access": ["READ"]},
      {"role": "ROLE_VEEVA_UPDATE", "filter": "equals(sourceSystems,'Veeva')", "access": ["UPDATE"]},
      {"role": "ROLE_VEEVA_DELETE", "filter": "equals(sourceSystems,'Veeva')", "access": ["DELETE"]}
    ]
  }
]

This restricts user access at the metadata security level and also filters the results returned by the supported endpoints.

Security can also be configured to restrict and filter based on multiple sources by combining filter terms with AND:

[
  {
    "uri": "configuration/entityTypes/HCP",
    "permissions": [
      {"role": "ROLE_TWIT_AND_FB_CREATE",
       "filter": "equals(sourceSystems,'FB') AND equals(sourceSystems,'TWITTER')",
       "access": ["CREATE"]},
      {"role": "ROLE_TWIT_AND_FB_READ",
       "filter": "equals(sourceSystems,'FB') AND equals(sourceSystems,'TWITTER')",
       "access": ["READ"]},
      {"role": "ROLE_TWIT_AND_FB_UPDATE",
       "filter": "equals(sourceSystems,'FB') AND equals(sourceSystems,'TWITTER')",
       "access": ["UPDATE"]},
      {"role": "ROLE_TWIT_AND_FB_DELETE",
       "filter": "equals(sourceSystems,'FB') AND equals(sourceSystems,'TWITTER')",
       "access": ["DELETE"]}
    ]
  }
]

This limits access and filtering to the configuration/sources/FB and configuration/sources/TWITTER sources.
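To make the effect of the role filters above concrete, the following is an added example (not code from the article or from the platform) that simulates how a metadata security document of this shape narrows what a caller can see. It covers both the single-source roles and the combined FB AND TWITTER roles. Everything in it is an assumption for illustration: the entities are constructed sample data with a sourceSystems list standing in for the crosswalk sources, the filter grammar is reduced to equals() terms joined by AND, and AND is evaluated literally (an entity must carry every listed source), which is how the expression reads but should be confirmed against the product documentation before relying on it.

```python
from __future__ import annotations

import re
from typing import Iterable

# Constructed sample entities (not real data): each carries the source
# systems it was loaded from, standing in for the entity's crosswalk sources.
ENTITIES = {
    "HCP-1": {"type": "configuration/entityTypes/HCP", "sourceSystems": ["FB"]},
    "HCP-2": {"type": "configuration/entityTypes/HCP", "sourceSystems": ["TWITTER"]},
    "HCP-3": {"type": "configuration/entityTypes/HCP", "sourceSystems": ["FB", "TWITTER"]},
    "HCP-4": {"type": "configuration/entityTypes/HCP", "sourceSystems": ["Veeva"]},
}

# A metadata security document in the same shape as the article's examples.
PERMISSIONS = [
    {
        "uri": "configuration/entityTypes/HCP",
        "permissions": [
            {"role": "ROLE_FB_READ", "filter": "equals(sourceSystems,'FB')", "access": ["READ"]},
            {"role": "ROLE_FB_UPDATE", "filter": "equals(sourceSystems,'FB')", "access": ["UPDATE"]},
            {"role": "ROLE_TWIT_AND_FB_READ",
             "filter": "equals(sourceSystems,'FB') AND equals(sourceSystems,'TWITTER')",
             "access": ["READ"]},
        ],
    }
]

# Hypothetical, reduced grammar: equals(<attribute>,'<value>') terms joined by " AND ".
TERM = re.compile(r"^equals\((\w+),'([^']*)'\)$")


def parse_filter(expr: str) -> list[tuple[str, str]]:
    """Split "equals(a,'x') AND equals(b,'y')" into [("a", "x"), ("b", "y")]."""
    terms = []
    for raw in expr.split(" AND "):
        match = TERM.match(raw.strip())
        if not match:
            raise ValueError(f"unsupported filter term: {raw!r}")
        terms.append((match.group(1), match.group(2)))
    return terms


def entity_matches(entity: dict, expr: str) -> bool:
    """Every term must hold; on a multi-valued attribute, equals means 'contains'."""
    for attr, value in parse_filter(expr):
        actual = entity.get(attr, [])
        if isinstance(actual, list):
            if value not in actual:
                return False
        elif actual != value:
            return False
    return True


def visible_entities(roles: Iterable[str], access: str, uri: str) -> set[str]:
    """Entity ids of type `uri` that any of the caller's roles grants `access` to.

    Roles are additive: the result is the union of each matching role's filter.
    A role that lacks the requested access contributes nothing, so a READ-only
    role never widens what a CREATE or DELETE call may touch.
    """
    role_set = set(roles)
    ids: set[str] = set()
    for block in PERMISSIONS:
        if block["uri"] != uri:
            continue
        for perm in block["permissions"]:
            if perm["role"] in role_set and access in perm["access"]:
                ids |= {
                    eid for eid, ent in ENTITIES.items()
                    if ent["type"] == uri and entity_matches(ent, perm["filter"])
                }
    return ids


def is_allowed(roles: Iterable[str], access: str, entity_id: str) -> bool:
    """Deny-by-default check for a single-entity call such as GET /{tenant}/entities/{id}."""
    ent = ENTITIES.get(entity_id)
    if ent is None:
        return False
    return entity_id in visible_entities(roles, access, ent["type"])


if __name__ == "__main__":
    hcp = "configuration/entityTypes/HCP"
    print("ROLE_FB_READ sees:", sorted(visible_entities(["ROLE_FB_READ"], "READ", hcp)))
    print("ROLE_TWIT_AND_FB_READ sees:", sorted(visible_entities(["ROLE_TWIT_AND_FB_READ"], "READ", hcp)))
    print("ROLE_FB_READ may DELETE HCP-1:", is_allowed(["ROLE_FB_READ"], "DELETE", "HCP-1"))
```

Running the script shows that ROLE_FB_READ sees HCP-1 and HCP-3 (both carry FB), the combined role sees only HCP-3 under a literal AND, and a role granting only READ never authorises a DELETE, which is the least-privilege property the per-source, per-privilege roles in the article are designed to give you.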
