Reltio Connect

 View Only
  • 1.  Metadata permissions : Undesired error

    Posted 07-25-2024 12:53

    Helo experts,

    We are implementing this RBAC for attributes inside our entityType called Group. This is the right permissions we have set. But when creating a new profile for this entiyType, We get the below error. We are creating a new profile. Not sure why would we need an update privilege.

    ErrorSecurity error. Access to attribute 'configuration/entityTypes/Group/attributes/value' is forbidden. Required privileges: READ,UPDATE,CREATE

    Metadata:

    [
        {
            "uri": "configuration/entityTypes/Group",
            "permissions": [
                {
                    "role": "ROLE_CUSTOM_USER",
                    "access": [
                        "READ",
                        "CREATE",
                        "UPDATE",
                        "DELETE"
                    ]
                }
            ]
        },
        {
            "uri": "configuration/entityTypes/Group/attributes/name",
            "permissions": [
                {
                    "role": "ROLE_CUSTOM_USER",
                    "access": [
                        "READ",
                        "CREATE",
                        "UPDATE",
                        "DELETE"
                    ]
                }
            ]
        },
        {
            "uri": "configuration/entityTypes/Group/attributes/value",
            "permissions": [
                {
                    "role": "ROLE_CUSTOM_USER",
                    "access": [
                        "READ",
                        "CREATE"
                    ]
                }
            ]
        },
        {
            "uri": "configuration/entityTypes/Group/attributes/label",
            "permissions": [
                {
                    "role": "ROLE_CUSTOM_USER",
                    "access": [
                        "READ",
                        "CREATE",
                        "UPDATE"
                    ]
                }
            ]
        }
    ]



    ------------------------------
    Nidheesh Radhakrishnan
    MDM Developer
    Novartis
    ------------------------------



  • 2.  RE: Metadata permissions : Undesired error

    Reltio Employee
    Posted 07-29-2024 17:38

    Hi, we currently require both CREATE and UPDATE for the create operation. This is fue to the nature of MDM operations. Sometimes while creating an entity you may be modifying a relation.

    I would need to learn more about your use case, but for scenarios like this, other customers usually channel create operations under a DCR and then the approver verifies it. Same for update. This ensures proper segregation and governance.



    ------------------------------
    Sergio Abraham
    Principal Product Manager
    Reltio
    ------------------------------



  • 3.  RE: Metadata permissions : Undesired error

    Reltio Partner
    Posted 07-30-2024 09:28

    Hi Nidheesh,


    I see that you are configuring Metadata Security and I wanted to point you to a free online tool we have created to make it easier to visualize the configured permissions, edit or create new permissions - https://mdmutilities.com/. 
    I would be curious to hear your thoughts about the tool if you decide to give it a try. 

    Regards,
    ------------------------------
    Lyubomira Alexandrova
    Ulpia Tech
    ------------------------------