Skip to main content Skip to complementary content

Defining access control at the attribute level (access control annotation)


Talend MDM offers granular security down to the attribute level. This access control is done inside the data model through setting up specific annotations.

Before you begin

You have already created a data model and the business entities and attributes in the data model.

About this task

Consider as an example that your data model holds the following entities: Agency and Agent and that you have created a new role called General_Manager. You want to grant this role a write access only to the CommissionCode attribute in the Agent entity.

To define access control on a specific attribute in a business entity, do the following:


  1. In the data model editor, expand the Agent entity and browse to the CommissionCode attribute.
  2. Right-click CommissionCode and select Set the Roles with Write Access.
    A dialog box is displayed.
    Information noteNote:

    For a foreign key attribute with the Maximum Occurrence value set to a number greater than 1 or set to -1 (which means its maximum number of occurrences is not bounded), you can grant each role the add access and the remove access separately, and the dialog box will look like below.

    A role with the write access to an attribute allows you to add and remove the value of that attribute through Talend MDM Web UI. A role with only the add or remove access to a foreign key attribute allows you to only add or remove the value of that foreign key attribute through Talend MDM Web UI.

  3. Click the arrow in the upper right corner of the dialog box to display a list of the roles defined in Talend Studio.
  4. Select from the list the role, General_Manager in this example, to which you want to grant a write access to the CommissionCode attribute.
  5. Click the icon to add General_Manager to the Roles list.
  6. Click OK to validate your changes and close the dialog box.

    The Annotation node below the CommissionCode attribute expands to show the role with the write access.


This way, the General_Manager role has a write access only to the CommissionCode attribute of the Agent business entity.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!