Talend Studio allows you to set specific security access rights for users when they update master data through a workflow process. Usually when you define the users that are required to intervene at a specific step in a workflow, see How to manage workflow actors in the BPM perspective (task assignment), these users have a write access to all the attributes defined as variables in the workflow. However, it is possible to set restrictive access rights (Read-only, or Hidden for example) on few of these attributes when browsing the records in Talend MDM Web User Interface.
Prerequisite(s): You have already connected to the MDM server from Talend Studio. At least one workflow has been created and one user role has been defined in the BPM perspective. For further information, see Designing a workflow using the workflow wizard and How to manage workflow actors in the BPM perspective (task assignment).
The following procedure is based on the workflow created in Designing a workflow from scratch.
To set up access rights to master data through a workflow process, do the following:
In this example, you are going to set workflow security for the Demo_User role as mentioned in How to manage workflow actors in the BPM perspective (task assignment).
This Demo_User role needs only to validate any change in the price of a product in the Product business entity. And as this role needs a write access only to the Price attribute, you may want then to grant it a read-only access to the Name attributes in the same business entity.
In the MDM Repository tree view, browse to your data model under the Data Model node, Product in this example, and double-click it.
The data model editor is displayed.
Expand the Product entity and browse to the Name attribute, right-click it and select Set the Workflow Access.
A dialog box is displayed.
Click the button to add a new line to the tabular list.
In the Roles column, click in the line and then select from the list the Demo_User role.
In the Workflow column, click in the line and then select from the list the name of the workflow for which you want to restrict access, Product_Product in this example.
Click in the Access Rights column and select Read-only from the list.
Click OK to validate your changes and close the dialog box.
You must deploy your changes to the server for them to be taken into account at runtime.
An annotation representing the defined workflow access right is displayed below the Annotations folder of the Name node in the Product business entity.
From now on, when a business user assigned the Demo_User role accesses the workflow task through Talend MDM Web User Interface, the task detail will have the Name field as read-only.