Reltio Connect

  • 1.  Metadata Security for an Entity

    Reltio Partner
    Posted 11 days ago

    Hi Team,

    I just want to apply the permissions for an entity based on the attribute value for the same role. When I try the JSON below, the permission is applied with the highest privileges.

    [
        {
            "uri": "configuration/entityTypes/Record",
            "permissions": [
                {
                    "role": "ROLE_DATA_MANAGER",
                    "filter":"equals(attributes.Flag,'No')",
                    "access": ["CREATE", "READ", "UPDATE"]
                },
                {
                    "role": "ROLE_DATA_MANAGER",
                    "filter":"equals(attributes.Flag,'Yes')",
                    "access": ["READ"]
                }
            ]
        }
    ]

    The expectation is that whenever the record has the flag value Y it should be read-only, and if it is N then the role should have all permissions. But when I applied the above JSON, [Read, Create, Update] is applied for all the records.

    Thanks,

    Linga

     



    ------------------------------
    Lingasamy Eswaramoorthy
    TCS
    ------------------------------


  • 2.  RE: Metadata Security for an Entity

    Posted 11 days ago

    Hi there,

    I am hoping that the attributes.flag is a Yes/No lookup. If that is the case, did you try with Y and N instead of Yes or No?



    ------------------------------
    Radhakrishnan Ramalingam
    Architect
    San Ramon CA
    ------------------------------



  • 3.  RE: Metadata Security for an Entity

    Posted 11 days ago

    If that doesn't work, define two roles instead of one:
               ROLE_DATA_MANAGER
               ROLE_DATA_MANAGER_READ



    ------------------------------
    Radhakrishnan Ramalingam
    Architect
    San Ramon CA
    ------------------------------



  • 4.  RE: Metadata Security for an Entity

    Reltio Partner
    Posted 10 days ago

    Hi Krish,

    Thanks for the response. 

    I tried both of the suggested options, but that user is still able to edit the profiles in both cases.

    [
        {
            "uri": "configuration/entityTypes/Record",
            "permissions": [
                {
                    "role": "ROLE_DATA_MANAGER",
                    "filter": "equals(attributes.Flag,'N')",
                    "access": ["CREATE", "READ", "UPDATE"]
                },
                {
                    "role": "ROLE_DATA_MANAGER_READ",
                    "filter": "equals(attributes.Flag,'Y')",
                    "access": ["READ"]
                }
            ]
        }
    ]

    [
        {
            "uri": "configuration/entityTypes/Record",
            "permissions": [
                {
                    "role": "ROLE_DATA_MANAGER",
                    "filter": "equals(attributes.Flag,'No')",
                    "access": ["CREATE", "READ", "UPDATE"]
                },
                {
                    "role": "ROLE_DATA_MANAGER_READ",
                    "filter": "equals(attributes.Flag,'Yes')",
                    "access": ["READ"]
                }
            ]
        }
    ]

    Let me know if there is any other way to achieve it.



    ------------------------------
    Lingasamy Eswaramoorthy
    TCS
    ------------------------------