Reltio Connect

  • 1.  READ ONLY role creation

    Posted 13 days ago

    Hi,

    I hope you all are doing well.

    I just realized that Reltio doesn't have a default read-only user role, which would allow a user to have read-only access to the tenant.

    How can we create such a role if we need one? There is another discussion thread on this topic, but the instructions are not clear.

    My request is that we need a user role like CUST_READ_ONLY, which allows someone to log in to the tenant and have read-only access. This user should be able to search and perform basic read-only operations.

    I would appreciate any inputs on this. Thank you.



    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------



  • 2.  RE: READ ONLY role creation

    Reltio Employee
    Posted 12 days ago

    Hi Rushyendar, 

    You can create a custom role and use metadata security to give that role read-only access to the relevant entities and relationships. Here is what you should do:

    • Create a custom role, let's say ROLE_CUST_READ_ONLY using the "Create new role" option of User Management.


      You do not need to add any specific permission for this role here. 

    • Then use the Metadata Security API to assign READ permission to all entity and relation types for the newly created custom role. Here is a sample of what the permission set should look like:

      [
          {
              "uri": "configuration/relationTypes",
              "permissions": [
                  {
                      "role": "ROLE_CUST_READ_ONLY",
                      "access": [
                          "READ"
                      ]
                  }
              ]
          },
          {
              "uri": "configuration/entityTypes",
              "permissions": [
                  {
                      "role": "ROLE_CUST_READ_ONLY",
                      "access": [
                          "READ"
                      ]
                  }
              ]
          }
      ]
      


    • Now your read-only role is created, and if you assign this role to any user along with the ROLE_API and ROLE_USER roles for the relevant tenant(s), that user will get read-only access to the tenant.

    Let me know if this helps. 



    ------------------------------
    Diparnab Dey
    Technical Consultant
    Reltio
    Kolkata, West Bengal
    ------------------------------



  • 3.  RE: READ ONLY role creation

    Posted 12 days ago

    Thank you, Diparnab. I created a new role on the UI and tried configuring read-only access to one of the entities using the URL and body below.

    After doing this, the user can log in but cannot see the Entity type. When I sent this request in Postman (tried both POST and PUT), I didn't see the new role in the response. Note that there is already another read-only role with a different name. Could this be the reason? I wasn't aware of the existing read-only role and tried to create a new one. I will use the old one, but I'm curious to know why the new role isn't working.

    endpoint URL used: http://test.reltio.com/reltio/permissions/<<Tenant>>

    Body:

    {
        "uri": "configuration/entityTypes/Product",
        "permissions": [
            { "role": "ROLE_READ_PRODUCT", "access": ["READ"] }
        ]
    }


    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------



  • 4.  RE: READ ONLY role creation

    Reltio Employee
    Posted 12 days ago

    Rushyendar, 

    The body should be an array. And for updating the metadata security, you should use the POST HTTP method. Here is a sample cURL command:

    curl --location 'https://{{env}}.reltio.com/reltio/permissions/{{mdmTenant}}' \
    --header 'Authorization: Bearer {{accessToken}}' \
    --header 'Content-Type: application/json' \
    --data '[
      {
        "uri": "configuration/entityTypes/Product",
        "permissions": [
          {
            "role": "ROLE_READ_PRODUCT",
            "access": [
              "READ"
            ]
          }
        ]
      }
    ]'


    Since you say that metadata security was updated previously for your tenant, I recommend running the GET Permissions API to retrieve the current metadata security and applying your update on top of that before posting it using the API shared above.






    ------------------------------
    Diparnab Dey
    Technical Consultant
    Reltio
    Kolkata, West Bengal
    ------------------------------
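An added example, not part of the original thread and not Reltio code: one way to apply the "GET, update on top, then POST" advice above so that a new read-only grant does not drop permissions already configured, with a check that lists any role holding more than READ before the array is posted. It assumes the GET response has the same array shape as the POST body shown in the thread; `grant`, `non_read_grants` and the role `ROLE_OLD_READ_ONLY` are hypothetical names, and the sample data is constructed.

```python
import copy

# Constructed sample standing in for the GET permissions response (assumed to
# share the POST body's array shape). ROLE_OLD_READ_ONLY is a hypothetical role.
CURRENT = [
    {"uri": "configuration/entityTypes/Product",
     "permissions": [{"role": "ROLE_OLD_READ_ONLY", "access": ["READ"]}]},
]


def grant(current, uri, role, access=("READ",)):
    """Return a new permission array with `access` granted to `role` on `uri`.

    Existing URIs, roles and access values are kept; nothing is removed.
    """
    if not isinstance(current, list):
        raise TypeError("metadata security body must be a JSON array")
    merged = copy.deepcopy(current)  # never mutate the retrieved copy
    entry = next((e for e in merged if e.get("uri") == uri), None)
    if entry is None:
        entry = {"uri": uri, "permissions": []}
        merged.append(entry)
    perms = entry.setdefault("permissions", [])
    perm = next((p for p in perms if p.get("role") == role), None)
    if perm is None:
        perm = {"role": role, "access": []}
        perms.append(perm)
    granted = perm.setdefault("access", [])
    granted.extend(a for a in access if a not in granted)
    return merged


def non_read_grants(permissions):
    """List (uri, role) pairs whose access goes beyond READ, for review."""
    return [
        (e["uri"], p["role"])
        for e in permissions
        for p in e.get("permissions", [])
        if set(p.get("access", [])) - {"READ"}
    ]


if __name__ == "__main__":
    import json
    body = grant(CURRENT, "configuration/entityTypes/Product", "ROLE_READ_PRODUCT")
    print(json.dumps(body, indent=2))  # array to send as the POST --data body
```

The printed array is what would go in the `--data` argument of the cURL call above; an empty result from `non_read_grants` confirms that no role in it holds more than READ.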



  • 5.  RE: READ ONLY role creation

    Posted 12 days ago

    Hi Diparnab,

    It worked this time. Thanks a lot for your help on this.



    ------------------------------
    Rushyendar Akula
    Datasys Inc
    Concord NC
    ------------------------------