Security permissions

Availability note: Deprecated

This section defines some best practices regarding security permissions.

Security permissions are granular: they are set on every element of every entity and are not inherited at runtime. When setting permissions at design time, they can be propagated from parent elements to child elements.

Some rules:

  • Always create your own roles. Never alter the system roles; these are for licensing purposes only.
  • Never set the system roles to have permissions on the model; use only your own roles.
  • To create an entity, you will need write permissions on the entity itself and on the PK, plus any mandatory fields.
  • Security roles are primarily used for Talend MDM Web UI processes. Access should be locked down so that stewards can perform only set, specified business processes on the master or reference data. Some MDM projects allow no write access on certain entities, or on any entities, since all write operations use the integration layer.
  • At the entity level, you can set the following permissions:
  • At the element level, you can set the following permissions:

The permissions defined in a role in Talend Studio do not directly relate to the ability to read or write to containers or entities:

Rather, they are a legacy security model from before the integration with Talend projects and Talend Administration Center. However, in order to see and be able to write to a given entity in a given model via the Talend MDM Web UI, permissions must be configured in the role for:

  • Data model
  • Data container
  • Views

The permissions can be read only as per the inherit model in the image above. Read & Write has no effect on the ability to read or write using the Talend MDM Web UI.
