Access to applications and the content within applications in the Stewardship Tier is granted through security roles. A role is a single unit used to authorize specified security to the assigned user. Users can be assigned to multiple roles.
Roles manage two forms of access to the Stewardship Tier:
- Application access—driven by WebApp Group assignment.
- Content access—driven by Security Definition Key Value assignment.
Syniti recommends that delivered roles are used as a template for providing users with Stewardship Tier Application access. Using Stewardship Tier-provided functionality, these roles can be further tailored to fit specific requirements. To maximize efficiency and security, provision application and content access through separate roles. Assign users who manage security for content to the ContentKeySecurity WebApp group. Assign users who grant user access to applications to the UserManagement WebApp group.
The Stewardship Tier is delivered with a range of Roles that provide specific user application access across all Stewardship Tier solutions and components. Refer to Delivered Security Roles and Copy a Security Role for more information.
Additionally, Stewardship Tier WebApps include a range of WebApp Groups intended to be used as building blocks for custom roles. Refer to Delivered WebApp Groups and Assign WebApp Groups to Security Roles for more information.
Role types determine which permissions can be granted with each role.
There are three types of security roles:
- Standard—Allows WebApp Groups and Security Keys assignment. Create or customize application roles to manage application and content access for typical user roles. For example, the "Data Governance Processor" role is assigned WebApp groups in
MDM,Mass Maintenance, Monitor and any Custom Apps that a Role Processor would need.
- Content—Allows Security Keys assignment only. Create content roles to grant access to specific data in an application. For example, a content role for "US Material Master" would be assigned keys for
the "US Material Master" position in MDM,the "US Material Master" Group in Data Quality and a number of Mass Maintenance Template+Role assignments related to "US Material Master" templates.
- Application—Allows WebApp Groups assignment only.
To efficiently manage application and content access, assign users a combination of roles that grant Application and Content access. For example, to grant security access to a user who processes requests in Mass Maintenance for US Material Master content, apply two roles:
- "Data Governance Processor" standard role, which allows application access for WebApp groups in Mass Maintenance.
- "US Material Master" content role, which allows content access for Material Master data in the United States.
This section includes the following topics: