Introduction
DvSum Data Catalog allows its users to have specific access to particular Datasets and Glossary Terms. Imagine if there are multiple Tables and Terms in your application and you have to give access to individual tables and terms to some specific users, you can not tell the users to not look into those tables. In another scenario where you only want to give access to only "View" for some tables or terms and "Edit" access for some tables and terms, this can be challenging but no need to worry because DvSum through User roles and Fine Grain settings allows Admins if they want to give someone access to particular tables or terms and further they can also define whether to give Edit or View access.
Another cool feature along with User Role is Module Settings. Users can define for which data domains or sub-domains they want the governance/workflow enabled or disabled. Further on the Table level they can define for which Tables they want to enable Chat with Data or Data Quality. Both features will be explained in detail in this article.
User Roles
User Roles can be added from the Administration Tab. Here there are 4 tabs in the user role. The first one is the general one where the user can add a name and assign a group to this role. This assigned group is further assigned to users which can be controlled according to the settings in the Admin, System Catalog, and Business Glossary Tab.
From the Admin Tab, the user can select the Admin permissions and from the System Catalog and Business Glossary Tab, the user can give permissions accordingly
Fine Grain Control (System Catalog)
Fine Grain allows further control over Data Sources and Tables inside them for Catalog and the same goes for Terms in the Glossary. Let us consider an example for a better understanding of this feature. Let's say you are an Admin and another person in the company wants the edit access of one Snowflake catalog. From fine grain, you can give the edit permissions for that particular dataset.
In the above example, edit permissions will be granted to this user role only for the enabled data source. The user can decide the level of access he wants to give, he can either give "View & Chat" or "Edit" Permissions. Now admin can further filter the data source by using the Table Exclusion criteria below.
Note: There are two options for Table Exclusion criteria which are shown above.
Let us say that in the data source to which you have given access, you do not want to give this user role access to the tables which have sensitive tags then you will need to mention the criteria like this:
This change would have reflected like this:
On the Admin account:
The above two highlighted tables won't be showing in my user account which will have the user role settings which are mentioned above because these tables have Sensitive tags. On the User account, it will show like this:
Here not only did we restrict the access of this user to specific Tables but we further restricted the edit access of this user. Now this user can make edit changes on any of the tables.
One Important thing is that Fine Grain Control will only be available if the permission above selected is either Editor or Viewer, otherwise, Fine Grain Control won't show on the UI.
Fine Grain Control (Business Glossary)
Let's consider another example for a better understanding of Fine Grain Control in the Business Glossary. Let's say you are a Glossary admin and you basically have access to all the domains and sub-domains in the glossary but a glossary editor comes to you and wants access to particular domains and terms inside it. But you only want to show the terms of this domain which have the status of "Published". This can be achieved as follows:
Here Edit Access is given to the Domain "Securities" and its sub-domains and terms inside it. Here another filter is applied that only terms which are published could be edited.
For Example, on the Admin Account, we have three terms that are not published:
Now the User who will have the user role settings above won't be able to see the highlighted terms because they are fulfilling the exclusion criteria. On the User account:
Module Settings
Module Settings can be accessed through the Account Settings Tab under the Administration Tab. In the Module Settings, we have three options which are:
1- Governance
2- Chat With Data
3- Data Quality
The settings which are applied in the module settings will be reflected on the admin account that is setting these permissions and all the accounts which are associated with this account.
Governance
In the Governance if the Data Governance checkbox is enabled then the workflow of the Domains or sub-domains will be enabled otherwise the workflow checkbox on the Domain or sub-domain won't be accessible. Just like on the user roles we also have Fine Grain Control in the Module settings to apply necessary filters. On enabling Fine Grain below Default settings shows up which have two options. When this is set enabled then on adding a new domain workflow for that domain would automatically be enabled, there will be no need for enabling that domain.
Let us consider an example here I want to enable governance for the Domain "Engineering 100" and the terms inside it but the terms which have the tag of "Restricted" should not have governance enabled:
Now once the governance is enabled user can enable workflow from the Data Domain or Sub domain:
After the workflow is enabled every term in this domain will have governance enabled except for the term which has the tag "Restricted" as mentioned in the exclusion criteria:
And the existing Term which has the exclusion criteria won't have governance enabled:
Chat with Data
Just Like Data Governance, when the checkbox of Chat with Data is checked on Module Settings then Chat Bots and Talk to your Data will be enabled for all the sources. On clicking the Fine Grain Control under the default settings there are two options. When this is set to enable then whenever any new source is added, Chat Bots for that source will be automatically enabled.
Below the Default settings, the user can enable Chat with Data for specific tables. For example, if the user wants to enable chat bot for one specific source then that source can be moved to Enabled:
This can be further filtered by adding Table exclusion criteria or Column exclusion criteria. For Example if the user does not want to include some tables in chat bots that have the "Restricted Tag" and columns that have the "Sensitive" tag then these tables and columns will not be available on the chat bots of that particular source.
So the expected behavior would be that all the tables inside the Datasource "Snowflake_4th_August" will be included in Chat Bots except for the Tables that will have the tag "Restricted". Now here is an example of a table "Dwh.Nyc City Bikes" that has the exclusion criteria:
And for columns that are excluded from the Chat Bots will be excluded from the chat and shown like this:
Data Quality
Just Like Data Governance and Chat with Data, when the checkbox of Data Quality is checked on Module Settings then Data Quality will be enabled for all the sources. On clicking the Fine Grain Control under the default settings there are two options. When this is set to enable then whenever any new source is added then automatically Data Quality tab for that source will be automatically enabled.
Below the Default settings, the user can enable Data Quality for specific tables. For example, if the user wants to enable the Data quality tab for one specific source then that source can be moved to Enabled:
This can be further filtered by adding Table exclusion criteria or Column exclusion criteria. Like if the user wants to disable the DQ tab for tables that have the "Restricted Tag" and columns which have the "Sensitive" tag should be disabled in the chat.
So the expected behavior would be that all the tables inside the Datasource "Snowflake_DWH" will have the Data Quality tab enabled except for the Tables which will have the tag "Restricted":
The Columns which will be not included the Data Quality tab then simply those columns won't show on the Data Quality tab under the Details heading:
Link Between User Role and Module Settings
User role settings are applied at the user level, and module settings are applied for all the associated as well as the admin account. For example in the user roles admin has given access to View and Chat for some sources so for that he will need to enable Chat with Data from module settings also so that Chat topics are enabled so here Module settings and User role had a kind of Parent-child relationship but user roles and module settings can work without dependency depending upon the requirement.
0 Comments