Assign Object Role Responsibilities on a Repository Object to a User or Group
Please refer to the responsibilities and capabilities assignment model for an explanation of how users relate to role assignment.
Keep in mind that in order to have any object role assignments on a child object in Talend Data Catalog, one must at least have the View Metadata capability object role assignment to its parent. Thus, in order to create portions of the repository which are entirely inaccessible to a group, you may create a new folder at the root of the repository in order to assign special Metadata Viewer capability object role assignment for that folder and its children.
For metadata, it is generally assumed that all metadata should be visible to any authenticated user. This is the most common situation, and Talend Data Catalog is designed for ease of managing permissions with that assumption in mind. Thus, by design, all repository objects can be viewed by default.
If NO user or group is assigned the Viewer security role on an object (or any of its parents), then all users will be able to view the object.
However, if ANY user or group is assigned the Viewer security role on an object (or any of its parents), then all other users (those who are not assigned the Viewer security role on the object and are not a member of such a group) will NOT be able to view the object.
Steps
- Sign in as a user with at least the Security Management capability object role assignment.
- Go to MANAGE > Repository or MANAGE > Configuration.
- Select an object in the repository or configuration.
- Go to the Responsibilities tab.
- Use the ADD ROLE button to pick object roles to assign to the object.
The responsibilities that you assign for a configuration apply to the configuration, not its models. Thus, when you assign a group or user the Edit Metadata capability for that configuration then they have the ability to, for example, add a model to the configuration, but do not necessarily have permissions to edit the contained models within the configuration. Instead, each model in the configuration may also have its own responsibility assignments. Thus, if you wish to be able to edit the contained model properties, you will need to assign the Edit Metadata responsibility to that user or group on those objects, not just the configuration they are contained within. This is a very powerful feature that allows one to control who is Editor or Manager for individual models in a configuration, separately from security role assignments to the configuration itself.
You may, of course, use repository folder structure to manage the object responsibility assignments. For example, you may place all the models which should be editable in the same folder and assign the Edit Metadata responsibility at that level for the group or users you wish to be able to edit all of those models. This is because, while object responsibility assignments are not inherited through the configuration, security role assignments are inherited through the actual folder structure in Talend Data Catalog.
For viewing rights to a model (or glossary, etc.), the simplest best practice is to control viewing via configuration access, and not through restricting viewer rights to specific objects which may be in a configuration. This suggestion follows from the fact that any user who needs to open a configuration MUST ALSO have view permissions to all of the models in the configuration (either by explicitly assigning the View Metadata object responsibility to all the objects contained, or if no such assignment has been made, then the object is by default viewable). So, the easiest way to manage access to a model is to simply not include it in any open configuration.
Again, if ANY model of a configuration is not viewable by a user then the entire configuration is not viewable by that user.
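The viewing rules above (visible by default, restricted as soon as any Viewer assignment exists on the object or a parent folder, and a configuration viewable only when all of its models are) can be checked against a planned folder layout with a small model. This is an added illustration, not Talend Data Catalog code or its API: the names `Node`, `effective_viewers`, `can_view` and `can_open_configuration` are hypothetical, the sample users and folders are constructed, and it assumes Viewer assignments on an object and on its parents are simply combined.

```python
# Added illustration: a model of the visibility rules described above.
# All class and function names here are hypothetical, not a product API.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    """A repository object (folder or model) in the folder tree."""
    name: str
    parent: Optional["Node"] = None
    viewers: Set[str] = field(default_factory=set)  # users/groups given Viewer here


def effective_viewers(obj: Node) -> Set[str]:
    """Collect Viewer assignments on the object and all of its parents."""
    found: Set[str] = set()
    node: Optional[Node] = obj
    while node is not None:
        found |= node.viewers
        node = node.parent
    return found


def can_view(user: str, obj: Node, groups: Dict[str, Set[str]]) -> bool:
    """No Viewer assignment on the path: visible to everyone.
    Otherwise only assigned users, or members of assigned groups, can view."""
    assigned = effective_viewers(obj)
    if not assigned:
        return True
    principals = {user} | {g for g, members in groups.items() if user in members}
    return bool(principals & assigned)


def can_open_configuration(user: str, models: List[Node],
                           groups: Dict[str, Set[str]]) -> bool:
    """A configuration is viewable only if every model in it is viewable."""
    return all(can_view(user, m, groups) for m in models)


# Constructed sample data (not taken from a real repository).
GROUPS = {"finance": {"alice"}}
ROOT = Node("Repository")
RESTRICTED = Node("Restricted", parent=ROOT, viewers={"finance"})
PAYROLL = Node("Payroll", parent=RESTRICTED)   # inherits the folder restriction
STAGING_DW = Node("Staging DW", parent=ROOT)   # no assignment: visible by default

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, can_view(user, PAYROLL, GROUPS),
              can_open_configuration(user, [STAGING_DW, PAYROLL], GROUPS))
```

In this layout, a single Viewer assignment on the `Restricted` folder hides `Payroll` from everyone outside the `finance` group, and any configuration that includes `Payroll` becomes unopenable for those users even though `Staging DW` itself is unrestricted.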
Example
Log in as the Administrator user.
Go to MANAGE > Configuration. Select the Staging DW model. Go to the Responsibilities tab.
Click ADD ROLE and select Content Custodian.
To complete the responsibility assignment, pick Adam and Angela to be Content Custodians for Staging DW.
Click OK and then SAVE.