Managing Roles, Users and Tenants

You can use Roles as the primary mechanism to grant privileges to a user account.

Working with Roles

You can define roles and specify their permissions to control your user's access, as required. By associating roles with tenants, you can grant or restrict user access to your data.

Reltio Platform offers the following two types of roles:
  • System roles: These are the default roles provided by Reltio to enable your access to the Reltio Platform. You cannot edit these predefined roles as the permissions for these roles are managed in the Reltio Platform. Each System role can either provide access to a single module/service, or, to a combination of several modules/services. For more information, see Exploring all System Roles.
  • Custom roles: You can create your own custom roles to provide access to your users as required. The permissions for these roles are owned and managed by the respective customers. These roles are available only within the scope of each customer.

Managing Users and Tenant Access

As a user, you need a Role and a Tenant to access any Reltio service. Your access is limited to the role that is assigned to you. Consider the example where two roles are assigned to you. In the first role (Role A), you may have the Create privilege on Resource A in Reltio Service X. Similarly, through the second role (Role B), you may have the Execute privilege on Resource B in Reltio Service Y. Your roles will be tied to your tenant assignments and you will be able to access Tenant 1 or Tenant 2 depending upon the role mapped to those tenants.

You can assign tenants to a role, and similarly, assign roles to a tenant as well. The roles that apply to specific tenants are called Tenant-specific Roles. Through these roles, you can provide restricted access to your tenants. This ability allows you to give multiple types of access rights to a user for different tenants, as required. The Security model ensures that users access each tenant with minimum privileges required to perform the tasks.

While assigning a role, you can specify the Tenant ID for which the specific role is applicable. For example, you can associate Role A with Tenant 1 and Role B with Tenants 2 and 3. This ensures that a user/group with Role A cannot access Tenants 2 and 3.

Note: Though the tenant association with the role happens when you assign a role to a user/group, the actual permissions for a role are set through the Roles Permission management.

Managing Groups

You can create Groups for the users who need the same kind of access. This feature enables you to easily manage the access provided to multiple users, on single or multiple tenants.

Groups and users have exactly the same kind of access management features. The advantage of using Groups is the ease of managing access at the group level for multiple users, instead of at the individual user level. Several users can be associated with groups that provide the right set of access.

Assigning Roles

You can use the User Management application in Console to manage user accounts, roles, tenants and groups for providing appropriate access to the users. For more information, see User Management.