Reltio Connect

 View Only

  • 1.  Metadata permissions : Undesired error

    Posted 07-25-2024 12:53

    Helo experts,

    We are implementing this RBAC for attributes inside our entityType called Group. This is the right permissions we have set. But when creating a new profile for this entiyType, We get the below error. We are creating a new profile. Not sure why would we need an update privilege.

    ErrorSecurity error. Access to attribute 'configuration/entityTypes/Group/attributes/value' is forbidden. Required privileges: READ,UPDATE,CREATE

    Metadata:

    [
    {
        "uri": "configuration/entityTypes/Group",
        "permissions": [
            {
                "role": "ROLE_CUSTOM_USER",
                "access": [
                    "READ",
                    "CREATE",
                    "UPDATE",
                    "DELETE"
                ]
            }
        ]
    },
    {
        "uri": "configuration/entityTypes/Group/attributes/name",
        "permissions": [
            {
                "role": "ROLE_CUSTOM_USER",
                "access": [
                    "READ",
                    "CREATE",
                    "UPDATE",
                    "DELETE"
                ]
            }
        ]
    },
    {
        "uri": "configuration/entityTypes/Group/attributes/value",
        "permissions": [
            {
                "role": "ROLE_CUSTOM_USER",
                "access": [
                    "READ",
                    "CREATE"
                ]
            }
        ]
    },
    {
        "uri": "configuration/entityTypes/Group/attributes/label",
        "permissions": [
            {
                "role": "ROLE_CUSTOM_USER",
                "access": [
                    "READ",
                    "CREATE",
                    "UPDATE"
                ]
            }
        ]
    }
]



    ------------------------------
    Nidheesh Radhakrishnan
    MDM Developer
    Novartis
    ------------------------------



  • 2.  RE: Metadata permissions : Undesired error

    Reltio Employee
    Posted 07-29-2024 17:38

    Hi, we currently require both CREATE and UPDATE for the create operation. This is fue to the nature of MDM operations. Sometimes while creating an entity you may be modifying a relation.

    I would need to learn more about your use case, but for scenarios like this, other customers usually channel create operations under a DCR and then the approver verifies it. Same for update. This ensures proper segregation and governance.



    ------------------------------
    Sergio Abraham
    Principal Product Manager
    Reltio
    ------------------------------



  • 3.  RE: Metadata permissions : Undesired error

    Reltio Partner
    Posted 07-30-2024 09:28

    Hi Nidheesh,


    I see that you are configuring Metadata Security and I wanted to point you to a free online tool we have created to make it easier to visualize the configured permissions, edit or create new permissions - https://mdmutilities.com/. 
    I would be curious to hear your thoughts about the tool if you decide to give it a try. 

    Regards,
    ------------------------------
    Lyubomira Alexandrova
    Ulpia Tech
    ------------------------------

    Original Message


Related Content