Defining access control at the attribute level (access control annotation)
Talend MDM offers granular security down to the attribute level. This access control is done inside the data model through setting up specific annotations.
Before you begin
You have already created a data model and the business entities and attributes in the data model.
About this task
Consider as an example that your data model holds the following entities: Agency and Agent and that you have created a new role called General_Manager. You want to grant this role a write access only to the CommissionCode attribute in the Agent entity.
To define access control on a specific attribute in a business entity, do the following:
Procedure
-
Right-click CommissionCode and select Set the
Roles with Write Access.
A dialog box is displayed.
Information noteNote:For a foreign key attribute with the Maximum Occurrence value set to a number greater than 1 or set to -1 (which means its maximum number of occurrences is not bounded), you can grant each role the add access and the remove access separately, and the dialog box will look like below.
A role with the write access to an attribute allows you to add and remove the value of that attribute through Talend MDM Web UI. A role with only the add or remove access to a foreign key attribute allows you to only add or remove the value of that foreign key attribute through Talend MDM Web UI.
-
Click the
icon to
add General_Manager to the Roles
list.
-
Click OK to validate your changes and close the dialog
box.
The Annotation node below the CommissionCode attribute expands to show the role with the write access.
Results
This way, the General_Manager role has a write access only to the CommissionCode attribute of the Agent business entity.