Attaching Views to user roles: record-level security
As outlined in Creating a View, you can easily create Views over one or multiple business entities held in a specific data model. Once a View is created, you can attach it to a specific user role in Talend Studio in order to filter the records that are accessible for this user role.
Later when this role is assigned to a user through Talend MDM Web UI, this user will be able to visualize specific records in business entities according to the criteria defined in the View itself.
Views then can filter data on its content before delivering it to a specific user and thus make it possible to give access to data according to the user responsibilities and information to which he/she requires access.
Prerequisite(s): You have already connected to the MDM server from Talend Studio. At least one View and one user role have been created.
To attach a specific View to a specific user role, do the following:
-
In the MDM Repository tree view, expand Role and browse to the role to which you want to attach one or more Views and then double-click it.
The corresponding role editor displays.
Information noteNote: You can always select the Admin Permissions On All Instances check box if you want to grant the selected user role a Read & Write permission on all data objects (administrator permissions). -
From the Object Type list, select View.
-
If you want to grant the selected role access permission on all listed Views, type Browse_items_.* in the Read and Write Permissions On Specific Instances field.
-
Select access type (Read Only or Read & Write) and then click the button to add the access parameter to the table below.
This will grant the selected role access to data through all created Views.
-
If you want to grant the selected role access permission according to a specific View, select from the Read and Write Permission On Specific Instances list the required View.
-
Select access type (Read Only or Read & Write) and then click the button to add the access parameter to the table below.
This will grant the selected role access to data according to the criteria defined in the selected View.
Information noteNote: You can right-click the access parameter and select Delete the selected item(s) to delete the parameter from the table.
From this editor, you can also modify access parameters for the selected role through modifying the criteria of the selected View.
To modify access parameters for the selected user role, do the following:
-
Double-click the selected View to open a table. Here you can set new WHERE conditions to restrict access in the View.
-
Set the xpath filter according to the business needs and as outlined in Creating and defining a simple View.
In this example, you want to restrict the access of the Country_Manager_UK role only to agencies based in the United Kingdom.
-
Save your changes.
Whenever the Country_Manager_Role is assigned to a specific user in Talend MDM Web UI, this user will have a read and write access only to agencies based in the United Kingdom.