Reltio Connect

  • 1.  Metadata security issue

    Reltio Partner
    Posted 09-30-2023 06:42
    We have an attribute status, which has values like 'Active', 'Blocked', 'Inactive'.
    Another Boolean attribute is named permit.
    We have 2 roles, role_active and role_blocked.
    role_active means the user will be able to change the status value only when status is 'Active'.
    role_blocked means the user will be able to change the status value only when status is 'Blocked'.
    Below is the metadata security used for this:
    {
        "uri": "configuration/entityTypes/XYZ",
        "permissions": [
            {
                "role": "role_blocked",
                "filter": "equals (attributes.Status,'Blocked')",
                "access": [
                    "READ",
                    "UPDATE"
                ]
            },
            {
                "role": "role_blocked",
                "access": [
                    "READ"
                ]
            }
        ]
    }
    Also, the same user should only be able to change the value of the permit attribute from true to false.
    If the value of permit is false, it should not allow changing the value of permit.
    By using the security below and after assigning role_blocked and role_permit to the same user, it is not working for that user:
    {
        "uri": "configuration/entityTypes/XYZ",
        "permissions": [
            {
                "role": "role_blocked",
                "filter": "equals (attributes.Status,'Blocked')",
                "access": [
                    "READ",
                    "UPDATE"
                ]
            },
            {
                "role": "role_blocked",
                "access": [
                    "READ"
                ]
            },
            {
                "role": "role_permit",
                "filter": "equals (attributes.permit,'true')",
                "access": [
                    "READ",
                    "UPDATE"
                ]
            },
            {
                "role": "role_permit",
                "access": [
                    "READ"
                ]
            }
        ]
    }

    When status is blocked and permit is false, it is allowing permit to be updated from false to true, because role_blocked already has update permission.


    ------------------------------
    Rahul Raveendran
    Cognizant
    ------------------------------


  • 2.  RE: Metadata security issue

    Reltio Employee
    Posted 10-03-2023 03:03

    Hi Rahul,

    Since it is the same user, have you tried to use a single role with both filter conditions connected using AND?

    Thanks,



    ------------------------------
    Saurabh Agarwal
    ------------------------------



  • 3.  RE: Metadata security issue

    Reltio Partner
    Posted 10-03-2023 05:48

    Hi Saurabh,

    I tried that as well. But when we use both conditions with "AND", like below:

    {
        "uri": "configuration/entityTypes/XYZ",
        "permissions": [
            {
                "role": "role_blocked",
                "filter": "equals (attributes.Status,'Blocked') AND equals (attributes.permit,'true')",
                "access": [
                    "READ",
                    "UPDATE"
                ]
            },
            {
                "role": "role_blocked",
                "access": [
                    "READ"
                ]
            }
        ]
    }

    When the status is 'Active' and permit is 'true', it will not allow changing the permit from 'true' to 'false' because the AND condition was not satisfied.

    The requirement is that it should allow status to change only when it is blocked, irrespective of whether the permit is true or false, and it should also allow changing the permit only when permit is 'true', irrespective of whether status is 'Blocked' or 'Active'.

    Regards,

    Rahul



    ------------------------------
    Rahul Raveendran
    Cognizant
    ------------------------------



  • 4.  RE: Metadata security issue

    Reltio Employee
    Posted 10-04-2023 03:36

    Hi Rahul,

    I think you need to apply metadata security at attribute level and not at entity level. Can you try applying metadata security at attribute level? You can find documentation here https://docs.reltio.com/en/explore/embark-on-your-journey/what-to-know-before-you-set-off/security/understanding-authorization/role-based-security/metadata-security#hide-attributes-in-reltio-ui-0

    Let me know how that goes

    Thanks,



    ------------------------------
    Saurabh Agarwal
    ------------------------------



  • 5.  RE: Metadata security issue

    Reltio Partner
    Posted 10-04-2023 03:50

    Hi Saurabh,

    I tried that as well. But it was not working.

    Is it possible to apply a filter at attribute level in metadata security like below:

    {
            "uri": "configuration/entityTypes/XYZ/attributes/permit",
            "permissions": [
                {
                    "role": "role_permit",
                    "filter": "equals (attributes.permit,'true')",
                    "access": [
                        "READ",
                        "UPDATE",
                        "CREATE",
                        "DELETE"
                    ]
                }
            ]
        }



    ------------------------------
    Rahul Raveendran
    Cognizant
    ------------------------------



  • 6.  RE: Metadata security issue

    Reltio Employee
    Posted 10-05-2023 07:14

    Hi Rahul,

    The filters are not supported at attribute level. I don't think your requirement is supported at this moment. You can create an enhancement request in the Reltio Ideas portal for the team to analyse and determine the feasibility of such functionality.

    Thanks,



    ------------------------------
    Saurabh Agarwal
    ------------------------------
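
Added example (not part of the thread and not Reltio code): a Python model of why neither entity-level configuration from posts 1 and 3 can meet the stated requirement. It assumes, based only on the behaviour reported in the thread, that a user's access is the union of every matching permission entry for their roles and that entity-level UPDATE covers all attributes; the function names and the two-attribute entity are constructed for illustration.

```python
import re
from itertools import product

# Assumption (modelled on the thread, not Reltio's engine): access is the union of
# all entries whose role the user holds and whose filter matches the entity.
CLAUSE = re.compile(r"equals\s*\(\s*attributes\.(\w+)\s*,\s*'([^']*)'\s*\)")
BLOCKED = "equals (attributes.Status,'Blocked')"
PERMIT = "equals (attributes.permit,'true')"
RW, RO = ["READ", "UPDATE"], ["READ"]

# Configurations from posts 1 and 3, rewritten as Python literals.
TWO_ROLES = [{"role": "role_blocked", "filter": BLOCKED, "access": RW},
             {"role": "role_blocked", "access": RO},
             {"role": "role_permit", "filter": PERMIT, "access": RW},
             {"role": "role_permit", "access": RO}]
AND_FILTER = [{"role": "role_blocked", "filter": f"{BLOCKED} AND {PERMIT}", "access": RW},
              {"role": "role_blocked", "access": RO}]

def filter_matches(expr, entity):
    """True if every equals(...) clause joined by AND holds; no filter matches all."""
    for clause in (expr.split(" AND ") if expr else []):
        m = CLAUSE.fullmatch(clause.strip())
        if m is None:
            raise ValueError(f"unsupported filter clause: {clause!r}")
        if entity.get(m.group(1)) != m.group(2):
            return False
    return True

def entity_access(permissions, roles, entity):
    """Union of access lists across matching entries for the user's roles."""
    return {a for p in permissions
            if p["role"] in roles and filter_matches(p.get("filter"), entity)
            for a in p["access"]}

def required(entity):
    """Attributes the thread says should be editable in this state."""
    return ({"Status"} if entity["Status"] == "Blocked" else set()) | \
           ({"permit"} if entity["permit"] == "true" else set())

def gaps(permissions, roles):
    """States where entity-level UPDATE grants more (over) or less (under) than required."""
    out = {}
    for status, permit in product(["Active", "Blocked", "Inactive"], ["true", "false"]):
        entity = {"Status": status, "permit": permit}
        can_update = "UPDATE" in entity_access(permissions, roles, entity)
        granted, need = ({"Status", "permit"} if can_update else set()), required(entity)
        if granted != need:
            out[(status, permit)] = {"over": sorted(granted - need), "under": sorted(need - granted)}
    return out
```

Calling gaps(TWO_ROLES, {"role_blocked", "role_permit"}) flags ('Blocked', 'false') with permit over-granted, the case reported in post 1; gaps(AND_FILTER, {"role_blocked"}) flags ('Active', 'true') with permit under-granted, the case reported in post 3.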