hello Girish,
I tried to have a POC on this regards. Attached doc talks about the steps we followed to establish the metadata security on the above-mentioned restricted entity. But even then, if a generic admin user logs in, they still can override the permissions built on top of the restricted entity.
A solution on this requirement is very crucial for me to decide if we have to go for a separate tenant for such restricted entities instead of having all restricted entities to put into the same tenant which is shared by different business process.
------------------------------
Shamina Sasankan
MDM Engineer
Novartis
------------------------------
Original Message:
Sent: 07-22-2024 10:45
From: Girish Kalburgi
Subject: Data seggregation on entities at tenant level
Shamina,
------------------------------
Girish Kalburgi
Reltio
NC
Original Message:
Sent: 07-19-2024 09:49
From: Shamina Sasankan
Subject: Data seggregation on entities at tenant level
hello Team,
We have one MDM business process whose data needs to be secured, restricted as part of SOX complaince. So far we are planning to bringin the entities of these BP also into the same tenant shared by other BPs. In this case the admin users on the tenant will have super user access and by default get access to view the restricted data of the SOX compliant BP. How will be logicall seggregate the access of admin users to refrain from acessing and manipulating the SOX compliant BP data?
How do we bring security levels in accessing restricted data. even if we clone the admin user and add specific roles to it - still the admin user can access the restricted data.
Regards,
Shamina Sasankan
------------------------------
Shamina Sasankan
MDM Engineer
Novartis
------------------------------