Skip to Content

Introduction

This document describes, the step by step procedure to restrict the modules / tabs in Information Steward application as per developers / business users roles.

Overview

Generally, if a group of users are responsible to one module i.e., Data Insight / Metadata Management & Metapedia / Cleansing Package Builder / Match Review, they expect to see only the respective module (Tab) in Information Steward application. Some customers, for security reasons they are not interested to allow users to see / access all modules / Tabs. With the help of CMC security, we can restrict the Tabs in Information Steward as per User and Customer requirements, which enables flexibility, avoids confusion and enables tight security as per Customers expectations.


Step By Step Implementation

The below picture shows the Information Steward application before implementing the above said security.

IS_Before_Security.jpg

1. User Group Creation – Module Specific:- Create User Groups in CMC specific to modules as described below:

  • DI_MODULE – User Group for Data Insight Users
  • MDM_MODULE – User Group for Metadata Management & Metapedia Users
  • CPB_MODULE – User Group for Cleansing Package Builder Users
  • MR_MODULE – User Group for Match / Data Review Users

User_Group.jpg
2. Create Users – Module Specific:Create Users in CMC specific to modules as described below:

Users.jpg

3. Role assignment to Users:– Assign appropriate role to user by making the user member to per-defined user groups (Data Insight User, Data Review Administrator, etc)

Role_Addignment_To_User.jpg

4. Add respective Users to respective User Groups:– After assigning the appropriate role to users, add the users to respective User Group as per the assigned role. In this example, the following users are mapped as shown below:


User
Role Assigned
Added to User Group
rkamurthy_di Data Insight Administrator DI_MODULE
rkamurthy_mdm Metadata Management Data Steward MDM_MODULE
rkamurthy_mp Metapedia Author MDM_MODULE
rkamurthy_cpb Cleansing Package Builder CPB_MODULE
rkamurthy_mr Data Review Configuration Manager MR_MODULE

User_To_Group.jpg
5. Add User Groups to Information Steward Application:– As part of application security i.e., allowing users to access the specific application of CMC, add the user groups which we created above to Information Steward application.

Application Security.jpg

6. Restrict User Groups to Respective Information Steward Module:– This is the final step and import step to enable or disable the modules / tabs in Information Steward. The following table shows how the User Groups are restricted with respect to Information Steward modules:



Data Insight
Metadata Management
Metapedia
Match Review
Cleansing Package Builder
DI_MODULE Allow Restrict Restrict Restrict Restrict
MDM_MODULE Restrict Allow Allow Restrict Restrict
MP_MODULE Restrict Allow Allow Restrict Restrict
MR_MODULE Restrict Restrict Restrict Allow Restrict
CPB_MODULE Restrict Restrict Restrict Restrict Allow

Module_Restriction.jpg

Data Insight Module Restriction:

DI_Restriction.jpg

Metadata Management Module Restriction:

MDM_Restriction.jpg

Restrict other modules as per the table explained above.


7. Result of the Security:– After implementing the above security, following screen shows how the modules are restricted as per the user role.

Data Insight User Screen:

DI_Logon.jpg

Metadata Management User Screen:

MDM_Logon.jpg

Metapedia User Screen:

MP_Logon.jpg

Cleansing Package Builder User Screen:

CPB_Logon.jpg

Match Review User Screen:

MR1_Logon.jpg

MR2_Logon.jpg

Conclusion

We can restrict the modules / tabs in the Information Steward application as per the customer requirement and can provide flexible GUI for developers with the help of above security method.


Note:-

I am still in the process of testing this approach, if i found any issues or further improvements in the security model, will update in the next document.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Don Staten

    By implementing this method I found the built-in security levels for Metapedia no longer functioned correctly. Meaning, the Metapedia User group now has Full Control in the Metapedia tab. Did you experience the same issue when testing these changes?

    (0) 
    1. Ramakrishna Kamurthy Post author

      Hi Don,

      The above method applies to all modules except Metapedia. In CMC, the Metapedia folder is part of Metadata Management, so it is not possible to apply restriction on Metapedia separately. To make use of built Metapedia security, don’t apply this security method on Metapedia folder, apply on Matadata Management.

      Thanks,

      Rama

      (0) 

Leave a Reply