Table of Contents

Search

  1. Preface
  2. Introduction
  3. IDD Concepts
  4. Implementation Process
  5. IDD Configuration Manager
  6. Manual IDD Configuration
  7. IDD Global Properties
  8. Sizing and Platform Requirements
  9. Application Components
  10. IDD Security Configuration
  11. Data Security
  12. Example Role-Based Security Configuration
  13. Data Masking
  14. Siperian BPM Workflow Engine
  15. Locale Codes
  16. Troubleshooting
  17. Glossary

Data Director Implementation Guide

Data Director Implementation Guide

Configure Resource Privileges for Base Objects and Affiliated Objects

Configure Resource Privileges for Base Objects and Affiliated Objects

Next, for each role, you configure the resource privileges for base objects and affiliated objects.
To configure base object permissions in the Roles tool, select the role you want to configure, expand the Base Objects node, expand the Party node, and configure privileges for the base object, content metadata, and match rule sets.
The following table shows the privileges that you should configure for this scenario.
Role Name
Resource Privileges
party_no_privileges_role
No permissions.
party_read_only_role
  • READ privileges to all columns in the PARTY base object
  • READ privileges to an applicable match rule set
  • READ privileges to content metadata (HISTORY, RAW, and XREF).
party_create_role
  • READ privileges to all columns in the PARTY base object.
  • READ privileges to an applicable match rule set
  • READ privileges to content metadata (HISTORY, RAW, and XREF)
  • CREATE privileges to all columns in the PARTY base object (required for creating a new record)
  • UPDATE privileges to all columns in the PARTY base object (if you want to allow this role to update an existing record as well)
party_update_role
  • READ privileges to all columns in the PARTY base object.
  • READ privileges to an applicable match rule set
  • READ privileges to content metadata (HISTORY, RAW, and XREF)
  • UPDATE privileges to all columns in the PARTY base object (required for saving changes to a record)
  • If your base object has relationships with other base objects (for example, parent-child relationships, foreign key lookups, or one-to-one relationships), you need to configure access to all of these resources as well. Lookups require READ access, while related base objects require permissions that are comparable to the core base object).
  • You can selectively disable READ privileges on certain columns so that users cannot see them in the IDD application. Similarly, you can enable READ and disable UPDATE privileges so that users can see the columns but not change any data.
  • You must configure READ access to a match rule set in order for Find Duplicates to work.
  • You can control whether a role can view history (requires READ privileges to HISTORY), view cross references (requires READ privileges to XREF), and view raw records (requires READ privileges to RAW).
  • Select (check)
    Show Only Resources for this Role
    to quickly see what resources are assigned to the current role.

0 COMMENTS

We’d like to hear from you!