Reltio Connect

  • 1.  READ ONLY role creation

    Posted 9 days ago

    Hi,

    I hope you all are doing well.

    I just realized that Reltio doesn't have a default read-only user role, which would allow a user to have read-only access to the tenant.

    How can we create such a role if we need one? There is another discussion thread on this topic, but the instructions are not clear.

    My request is that we need a user role like CUST_READ_ONLY, which allows someone to log in to the tenant and have read-only access. This user should be able to search and perform basic read-only operations.

    I would appreciate any inputs on this. Thank you.



    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------



  • 2.  RE: READ ONLY role creation

    Reltio Employee
    Posted 9 days ago

    Hi Rushyendar, 

    You can create a custom role and use metadata security to provide read-only access to relevant entities and relationships to that role. Here is what you should do:

    • Create a custom role, let's say ROLE_CUST_READ_ONLY using the "Create new role" option of User Management.


      You do not need to add any specific permission for this role here. 

    • Then use the Metadata Security API to assign READ permission to all entity and relation types for the newly created custom role. Here is a sample of what the permission set should look like:

      [
          {
              "uri": "configuration/relationTypes",
              "permissions": [
                  {
                      "role": "ROLE_CUST_READ_ONLY",
                      "access": [
                          "READ"
                      ]
                  }
              ]
          },
          {
              "uri": "configuration/entityTypes",
              "permissions": [
                  {
                      "role": "ROLE_CUST_READ_ONLY",
                      "access": [
                          "READ"
                      ]
                  }
              ]
          }
      ]
      


    • Now your read-only role is created and if you assign this role to any user along with ROLE_API and ROLE_USER role for the relevant tenant(s), that user will get read-only access to the tenant. 

    Let me know if this helps. 



    ------------------------------
    Diparnab Dey
    Technical Consultant
    Reltio
    Kolkata, West Bengal
    ------------------------------



  • 3.  RE: READ ONLY role creation

    Posted 8 days ago

    Thank you, Diparnab. I created a new role on the UI and tried configuring read-only access to one of the entities using the URL and body below.

    After doing this, the user can log in but cannot see the Entity type. When I sent this request in Postman (tried both POST and PUT), I didn't see the new role in the response. Note that there is already another read-only role with a different name. Could this be the reason? I wasn't aware of the existing read-only role and tried to create a new one. I will use the old one, but I'm curious to know why the new role isn't working.

    endpoint URL used: http://test.reltio.com/reltio/permissions/<<Tenant>>

    Body:

    {
        "uri": "configuration/entityTypes/Product",
        "permissions": [
            { "role": "ROLE_READ_PRODUCT", "access": ["READ"] }
        ]
    }


    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------



  • 4.  RE: READ ONLY role creation

    Reltio Employee
    Posted 8 days ago

    Rushyendar, 

    The body should be an array. And for updating the metadata security, you should use the POST HTTP method. Here is a sample cURL:

    curl --location 'https://{{env}}.reltio.com/reltio/permissions/{{mdmTenant}}' \
    --header 'Authorization: Bearer {{accessToken}}' \
    --header 'Content-Type: application/json' \
    --data '[
      {
        "uri": "configuration/entityTypes/Product",
        "permissions": [
          {
            "role": "ROLE_READ_PRODUCT",
            "access": [
              "READ"
            ]
          }
        ]
      }
    ]'


    As you say metadata security was updated previously for your tenant, I recommend running the GET Permissions API to retrieve the current metadata security and applying your update on top of that before posting using the API shared above.






    ------------------------------
    Diparnab Dey
    Technical Consultant
    Reltio
    Kolkata, West Bengal
    ------------------------------
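
The "GET, apply your update on top, then POST" step recommended above, as an added Python example that is not part of the original thread and is not Reltio code. It assumes the GET response is an array with the same shape as the POST body shown in the thread; `CURRENT` and the role name `ROLE_EXISTING_READ_ONLY` are constructed sample data.

```python
import copy
import json

# Constructed sample of a tenant's existing metadata security (assumption:
# GET Permissions returns the same array shape as the POST body in the thread).
CURRENT = [
    {"uri": "configuration/entityTypes/Product",
     "permissions": [{"role": "ROLE_EXISTING_READ_ONLY", "access": ["READ"]}]},
    {"uri": "configuration/relationTypes",
     "permissions": [{"role": "ROLE_EXISTING_READ_ONLY", "access": ["READ"]}]},
]
# The update from the thread, already wrapped in an array.
UPDATE = [
    {"uri": "configuration/entityTypes/Product",
     "permissions": [{"role": "ROLE_READ_PRODUCT", "access": ["READ"]}]},
]

def merge_permissions(current, update):
    """Return a new permission set: `current` with `update` applied on top.

    Grants held by other roles on the same URI are preserved; a role named in
    `update` has its access list for that URI replaced, not appended to.
    """
    merged = copy.deepcopy(current)
    by_uri = {entry["uri"]: entry for entry in merged}
    for new_entry in update:
        entry = by_uri.get(new_entry["uri"])
        if entry is None:  # URI had no metadata security yet
            entry = {"uri": new_entry["uri"], "permissions": []}
            merged.append(entry)
            by_uri[entry["uri"]] = entry
        for grant in new_entry["permissions"]:
            kept = [p for p in entry["permissions"] if p["role"] != grant["role"]]
            entry["permissions"] = kept + [copy.deepcopy(grant)]
    return merged

def non_read_grants(permission_set, role):
    """List (uri, access) pairs where `role` holds anything other than READ."""
    return [(entry["uri"], access)
            for entry in permission_set
            for grant in entry.get("permissions", []) if grant["role"] == role
            for access in grant["access"] if access != "READ"]

if __name__ == "__main__":
    body = merge_permissions(CURRENT, UPDATE)
    # Refuse to emit a body that gives the read-only role more than READ.
    assert not non_read_grants(body, "ROLE_READ_PRODUCT")
    print(json.dumps(body, indent=2))  # array to send as the POST --data
```

Running `non_read_grants` over the retrieved set for each read-only role is also a quick audit that no earlier update widened its access.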



  • 5.  RE: READ ONLY role creation

    Posted 8 days ago

    Hi Diparnab,

    It worked this time. Thanks a lot for your help on this.



    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------