Role-based Security
Users’ access privileges are defined by the roles assigned to the user by the TIBCO MDM Administrator. Privileges are based on the functions performed by a role.
Users may be assigned one or more roles, with each role granting the user a different access privilege and level. TIBCO MDM includes standard pre-defined, out-of-the-box user roles. You can define your own custom roles in addition to those to meet your specific business needs.
Role-based security in TIBCO MDM is determined by negative logic. TIBCO MDM checks which functions are not allowed. Role-based security works on functions associated with HTML elements. Functions identify a logical group of work, primarily menu items. For example, the repository function groups all repository related functions together.
There are two aspects of role-based security:
- Dynamic menu generation: If you change the user roles, the menus are updated the next time a page is refreshed.
- Filtering HTML elements: Certain HTML elements can be added or removed based on assigned user roles.
HTML elements are the hyper links such as the add new record link. You cannot control access to action links like ‘modify’, ’copy’, and so on that appear against a list entry on a page. Security is applied after the page is built.