Reltio Connect

  • 1.  Data segregation on entities at tenant level

    Posted 07-19-2024 09:50
    Hello Team,
     
    We have one MDM business process whose data needs to be secured and restricted as part of SOX compliance. So far we are planning to bring the entities of this BP into the same tenant shared by other BPs. In this case the admin users on the tenant will have super user access and by default get access to view the restricted data of the SOX compliant BP. How will we logically segregate the access of admin users to refrain from accessing and manipulating the SOX compliant BP data?
     
    How do we bring security levels in accessing restricted data? Even if we clone the admin user and add specific roles to it, the admin user can still access the restricted data.
     
    Regards,
     
    Shamina Sasankan


    ------------------------------
    Shamina Sasankan
    MDM Engineer
    Novartis
    ------------------------------


  • 2.  RE: Data segregation on entities at tenant level

    Reltio Employee
    Posted 07-22-2024 10:45

    Shamina,

    ROLE_ADMIN_TENANT does have Read, Update, Delete access on the metadata security; as a result, the user with the role can access all the EntityTypes and their data. However, if we need to restrict the users from accessing the particular entityType using the Metadata security. You can find more details about this here:

    https://docs.reltio.com/en/explore/get-going-with-apis-and-rocs-utilities/reltio-rest-apis/engage-apis/configuration-api/role-based-security/metadata-security



    ------------------------------
    Girish Kalburgi
    Reltio
    NC
    ------------------------------



  • 3.  RE: Data segregation on entities at tenant level

    Posted 07-26-2024 04:09

    Hello Girish,

    I tried to have a POC in this regard. The attached doc talks about the steps we followed to establish the metadata security on the above-mentioned restricted entity. But even then, if a generic admin user logs in, they can still override the permissions built on top of the restricted entity.

    A solution to this requirement is very crucial for me to decide if we have to go for a separate tenant for such restricted entities instead of putting all restricted entities into the same tenant, which is shared by different business processes.



    ------------------------------
    Shamina Sasankan
    MDM Engineer
    Novartis
    ------------------------------
