Security principle in Talend MDM - 7.3

Talend Data Fabric Studio User Guide

Version: 7.3
Language: English (United States)
Product: Talend Data Fabric
Module: Talend Studio
Content: Design and Development

In Talend MDM, security is determined by the combination of users and their associated roles: system roles and custom roles.

The login and password defined in Talend Administration Center allow users to access Talend MDM Web UI and/or Talend Studio according to their assigned system roles. Each user can only be assigned to one system role.

In Talend Studio, an administrator can create and define custom roles, which can be assigned to MDM users through the Talend MDM Web UI.

Note: To access a list of all users that have been defined in Talend Studio, double-click the PROVISIONING system data container in the MDM Repository tree view. A single click on the icon lists all Talend MDM users, that is, users of both the studio and the web user interface. Double-click any user in the list to display all the details of the selected user. In this dialog box, you can also see the XML source of the document by clicking the Source tab.

In addition, Talend MDM offers granular security for entities, down to the attribute level. This access control is configured inside the data model by setting specific annotations. For further information, see Defining access control at the entity level in data model editor and Defining access control at the attribute level (access control annotation).

Finally, Talend MDM provides record-level security, also called horizontal security, which is set through the Views defined for each user role. You can use a View to filter the records that are accessible to a role. You can also create multiple Views on the same entity to give users different predefined access to the records.

Note: For the access control defined inside the data model XML schema source, the most restrictive permission will always be taken into account. For example, if a user has two custom roles A and B, and custom role A has access to an object while custom role B does not, then the user will not have access to the object.
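The most-restrictive rule in the note above means that assigning an extra custom role can reduce what a user is able to reach, so role combinations are worth reviewing. The following is an added example, not Talend code: the role names, user names, object names and the three-level NONE/READ/WRITE scale are assumptions made for illustration, and the scale generalizes the note's access/no-access case.

```python
from enum import IntEnum

class Access(IntEnum):          # assumed scale, ordered from most to least restrictive
    NONE = 0
    READ = 1
    WRITE = 2

# Constructed sample: what each custom role is granted on data model objects
# (an entity, or entity/attribute). Not exported from a real Talend MDM server.
ROLE_ACCESS = {
    "Role_A": {"Product": Access.WRITE, "Product/Price": Access.WRITE,
               "Supplier": Access.READ},
    "Role_B": {"Product": Access.READ, "Product/Price": Access.NONE},
}
USER_ROLES = {"alice": ["Role_A"], "bob": ["Role_A", "Role_B"]}

def role_level(role, obj, role_access):
    # Assumption: a role with no entry for an object has no access to it.
    return role_access.get(role, {}).get(obj, Access.NONE)

def effective_access(roles, obj, role_access=ROLE_ACCESS):
    """Most restrictive wins: return the lowest level held by any of the
    user's roles, plus the roles responsible for that level."""
    if not roles:
        return Access.NONE, []
    levels = {r: role_level(r, obj, role_access) for r in roles}
    lowest = min(levels.values())
    return lowest, sorted(r for r, lvl in levels.items() if lvl == lowest)

def restricted_by_extra_role(user_roles=USER_ROLES, role_access=ROLE_ACCESS):
    """Report objects where one of the user's roles grants more than the
    user effectively gets, and which role is the limiting one."""
    objects = sorted({o for acl in role_access.values() for o in acl})
    findings = []
    for user, roles in sorted(user_roles.items()):
        for obj in objects:
            eff, limiting = effective_access(roles, obj, role_access)
            best = max((role_level(r, obj, role_access) for r in roles),
                       default=Access.NONE)
            if best > eff:
                findings.append((user, obj, best.name, eff.name, limiting))
    return findings

if __name__ == "__main__":
    for row in restricted_by_extra_role():
        print(row)
```

In this sample, alice (Role_A only) keeps write access to Product, while bob, who holds both roles, is limited by Role_B on every object.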