Talend MDM offers granular security for entities. This access control is done inside the data model through setting up specific annotations.
Before you begin
You have already created a data model and the business entities and attributes in the data model.
About this task
Consider as an example that your data model holds the following entities: Agency and Agent and that you have created a new role called General_Manager. You want to grant the General_Manager role a write access to the Agency entity and all its attributes.
To define access control on a business entity, do the following:
In the data model editor, right-click the Agency entity
and select Set the Roles with Write Access.
A dialog box is displayed.
- Click the arrow in the upper right corner of the dialog box to display a list of the roles defined in the Studio.
- Select from the list the role, General_Manager in this example, to which you want to grant a write access to the selected business entity.
Click the icon to
add the selected role to the Roles list.
Note: The set role recursively check box is selected by default. This will propagate the security setting to all subelements of the selected node: in this case, all attributes in the Agency entity. The security is set at the entity and attributes levels.
If required, do the same to grant access to as many roles as needed and then
click OK to validate your changes and close the dialog
The Annotation node below the Agency entity expands to show the role(s) that have access to the selected entity.
What to do next
The Annotation nodes below each attribute of the Agency entity will also list the defined role(s) since the set role recursively check box is selected.
Later, when a user is assigned one of these listed roles through Talend MDM Web UI, he/she can have a write access to the Agency entity and all its attributes.
If you do not want to give the General_Manager role access to all attributes in the Agency entity, do the following:
In the data model editor, expand Agency and browse to the attribute to which you do not want to give write access for the General_Manager role, the City attribute in this example.
Right-click City and select Set the Roles with Write Access to open the corresponding dialog box.
Select General_Manager from the list and then click the button.
The role is deleted from the Roles list.
Click OK to validate your changes and close the dialog box.
The Annotation node below the City attribute expands to show the role(s) that have access to the selected attribute. The General_Manager role has already been removed from the list.
If required, do the same to block the General_Manager access to as many attributes as needed.
This way the General_Manager role will have access to all attributes in the Agency entity except the City attribute.