User Role and Module Settings

Avatar
Hassan Ghafoor
Follow

Introduction

DvSum Data Catalog allows its users to have specific access to particular Datasets and Glossary Terms. Imagine if there are multiple Tables and Terms in your application and you have to give access to individual tables and terms to some specific users, you can not tell the users to not look into those tables. In another scenario where you only want to give access to only "View" for some tables or terms and "Edit" access for some tables and terms, this can be challenging but no need to worry because DvSum through User roles and Fine Grain settings allows Admins if they want to give someone access to particular tables or terms and further they can also define whether to give Edit or View access.

Another cool feature along with User Role is Module Settings. Users can define for which data domains or sub-domains they want the governance/workflow enabled or disabled. Further on the Table level they can define for which Tables they want to enable Chat with Data or Data Quality. Both features will be explained in detail in this article.

User Roles

User Roles can be added from the Administration Tab. Here there are 4 tabs in the user role. The first one is the general one where the user can add a name and assign a group to this role. This assigned group is further assigned to users which can be controlled according to the settings in the Admin, System Catalog, and Business Glossary Tab. 

adding_role.png

 

viewersrole.png

From the Admin Tab, the user can select the Admin permissions and from the System Catalog and Business Glossary Tab, the user can give permissions accordingly 

userroless.png

systemcataloggss.png

 

Fine Grain Control (System Catalog)

Fine Grain allows further control over Data Sources and Tables inside them for Catalog and the same goes for Terms in the Glossary. Let us consider an example for a better understanding of this feature. Let's say you are an Admin and another person in the company wants the edit access of one Snowflake catalog. From fine grain, you can give the edit permissions for that particular dataset.

editonsnowfla.png

In the above example, edit permissions will be granted to this user role only for the enabled data source. The user can decide the level of access he wants to give, he can either give "View & Chat" or "Edit" Permissions. Now admin can further filter the data source by using the Table Exclusion criteria below.

status+tags.png

Note: There are two options for Table Exclusion criteria which are shown above.

Let us say that in the data source to which you have given access, you do not want to give this user role access to the tables which have sensitive tags then you will need to mention the criteria like this:

tags.sensitive.png

This change would have reflected like this:

On the Admin account:

on_admin_acct.png

The above two highlighted tables won't be showing in my user account which will have the user role settings which are mentioned above because these tables have Sensitive tags. On the User account, it will show like this:

onuseracct.png

Here not only did we restrict the access of this user to specific Tables but we further restricted the edit access of this user. Now this user can make edit changes on any of the tables.

One Important thing is that Fine Grain Control will only be available if the permission above selected is either Editor or Viewer, otherwise, Fine Grain Control won't show on the UI.

 

Fine Grain Control (Business Glossary)

Let's consider another example for a better understanding of Fine Grain Control in the Business Glossary. Let's say you are a Glossary admin and you basically have access to all the domains and sub-domains in the glossary but a glossary editor comes to you and wants access to particular domains and terms inside it. But you only want to show the terms of this domain which have the status of "Published". This can be achieved as follows:
glossary_criteria.png

Here Edit Access is given to the Domain "Securities" and its sub-domains and terms inside it. Here another filter is applied that only terms which are published could be edited. 

For Example, on the Admin Account, we have three terms that are not published:

modified.png

Now the User who will have the user role settings above won't be able to see the highlighted terms because they are fulfilling the exclusion criteria. On the User account:

on_user.png

 

Module Settings

Module Settings can be accessed through the Account Settings Tab under the Administration Tab. In the Module Settings, we have three options which are:

1- Governance

2- Chat With Data

3- Data Quality

The settings which are applied in the module settings will be reflected on the admin account that is setting these permissions and all the accounts which are associated with this account.

governance.png

                          

Governance

In the Governance if the Data Governance checkbox is enabled then the workflow of the Domains or sub-domains will be enabled otherwise the workflow checkbox on the Domain or sub-domain won't be accessible. Just like on the user roles we also have Fine Grain Control in the Module settings to apply necessary filters. On enabling Fine Grain below Default settings shows up which have two options. When this is set enabled then on adding a new domain workflow for that domain would automatically be enabled, there will be no need for enabling that domain.
enable_disable.png

 

Let us consider an example here I want to enable governance for the Domain "Engineering 100" and the terms inside it but the terms which have the tag of "Restricted" should not have governance enabled:
engineering101.png

Now once the governance is enabled user can enable workflow from the Data Domain or Sub domain:
enabled_workflow.png

After the workflow is enabled every term in this domain will have governance enabled except for the term which has the tag "Restricted" as mentioned in the exclusion criteria:

workflow_onterms.png

 

And the existing Term which has the exclusion criteria won't have governance enabled:

no_workflow_exclusion_Criteria.png

 

Chat with Data

Just Like Data Governance, when the checkbox of Chat with Data is checked on Module Settings then Chat Bots and Talk to your Data will be enabled for all the sources. On clicking the Fine Grain Control under the default settings there are two options. When this is set to enable then whenever any new source is added, Chat Bots for that source will be automatically enabled.

chatdata.png

Below the Default settings, the user can enable Chat with Data for specific tables. For example, if the user wants to enable chat bot for one specific source then that source can be moved to Enabled:

enabled_source.png

 

This can be further filtered by adding Table exclusion criteria or Column exclusion criteria. For Example if the user does not want to include some tables in chat bots that have the "Restricted Tag" and columns that have the "Sensitive" tag then these tables and columns will not be available on the chat bots of that particular source.

exclusioncriteras.png

So the expected behavior would be that all the tables inside the Datasource "Snowflake_4th_August" will be included in Chat Bots except for the Tables that will have the tag "Restricted". Now here is an example of a table "Dwh.Nyc City Bikes" that has the exclusion criteria:

exclusion_criteria.png

not_available.png

                            

And for columns that are excluded from the Chat Bots will be excluded from the chat and shown like this:

column_excluded.png

Data Quality            

Just Like Data Governance and Chat with Data, when the checkbox of Data Quality is checked on Module Settings then Data Quality will be enabled for all the sources. On clicking the Fine Grain Control under the default settings there are two options. When this is set to enable then whenever any new source is added then automatically Data Quality tab for that source will be automatically enabled.

dataquality.png

Below the Default settings, the user can enable Data Quality for specific tables. For example, if the user wants to enable the Data quality tab for one specific source then that source can be moved to Enabled:

enabled_source.png

This can be further filtered by adding Table exclusion criteria or Column exclusion criteria. Like if the user wants to disable the DQ tab for tables that have the "Restricted Tag" and columns which have the "Sensitive" tag should be disabled in the chat.

exclusion_criteria.png

So the expected behavior would be that all the tables inside the Datasource "Snowflake_DWH" will have the Data Quality tab enabled except for the Tables which will have the tag "Restricted":

dataqualityenabled.png

                    

nodq.png

                               

The Columns which will be not included the Data Quality tab then simply those columns won't show on the Data Quality tab under the Details heading:

details.png

     

Link Between User Role and Module Settings

User role settings are applied at the user level, and module settings are applied for all the associated as well as the admin account. For example in the user roles admin has given access to View and Chat for some sources so for that he will need to enable Chat with Data from module settings also so that Chat topics are enabled so here Module settings and User role had a kind of Parent-child relationship but user roles and module settings can work without dependency depending upon the requirement.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk