Introduction
This document describes, the step by step procedure to restrict the modules / tabs in Information Steward application as per developers / business users roles.
Overview
Generally, if a group of users are responsible to one module i.e., Data Insight / Metadata Management & Metapedia / Cleansing Package Builder / Match Review, they expect to see only the respective module (Tab) in Information Steward application. Some customers, for security reasons they are not interested to allow users to see / access all modules / Tabs. With the help of CMC security, we can restrict the Tabs in Information Steward as per User and Customer requirements, which enables flexibility, avoids confusion and enables tight security as per Customers expectations.
Step By Step Implementation
The below picture shows the Information Steward application before implementing the above said security.
1. User Group Creation - Module Specific:- Create User Groups in CMC specific to modules as described below:
- DI_MODULE - User Group for Data Insight Users
- MDM_MODULE - User Group for Metadata Management & Metapedia Users
- CPB_MODULE - User Group for Cleansing Package Builder Users
- MR_MODULE - User Group for Match / Data Review Users
2. Create Users - Module Specific:- Create Users in CMC specific to modules as described below:
3. Role assignment to Users:- Assign appropriate role to user by making the user member to per-defined user groups (Data Insight User, Data Review Administrator, etc)
4. Add respective Users to respective User Groups:- After assigning the appropriate role to users, add the users to respective User Group as per the assigned role. In this example, the following users are mapped as shown below:
| User | Role Assigned | Added to User Group |
|---|---|---|
| rkamurthy_di | Data Insight Administrator | DI_MODULE |
| rkamurthy_mdm | Metadata Management Data Steward | MDM_MODULE |
| rkamurthy_mp | Metapedia Author | MDM_MODULE |
| rkamurthy_cpb | Cleansing Package Builder | CPB_MODULE |
| rkamurthy_mr | Data Review Configuration Manager | MR_MODULE |
5. Add User Groups to Information Steward Application:- As part of application security i.e., allowing users to access the specific application of CMC, add the user groups which we created above to Information Steward application.
6. Restrict User Groups to Respective Information Steward Module:- This is the final step and import step to enable or disable the modules / tabs in Information Steward. The following table shows how the User Groups are restricted with respect to Information Steward modules:
| | Data Insight | Metadata Management | Metapedia | Match Review | Cleansing Package Builder |
|---|---|---|---|---|---|
| DI_MODULE | Allow | Restrict | Restrict | Restrict | Restrict |
| MDM_MODULE | Restrict | Allow | Allow | Restrict | Restrict |
| MP_MODULE | Restrict | Allow | Allow | Restrict | Restrict |
| MR_MODULE | Restrict | Restrict | Restrict | Allow | Restrict |
| CPB_MODULE | Restrict | Restrict | Restrict | Restrict | Allow |
Data Insight Module Restriction:
Metadata Management Module Restriction:
Restrict other modules as per the table explained above.
7. Result of the Security:- After implementing the above security, following screen shows how the modules are restricted as per the user role.
Data Insight User Screen:
Metadata Management User Screen:
Metapedia User Screen:
Cleansing Package Builder User Screen:
Match Review User Screen:
Conclusion
We can restrict the modules / tabs in the Information Steward application as per the customer requirement and can provide flexible GUI for developers with the help of above security method.
Note:-
I am still in the process of testing this approach, if i found any issues or further improvements in the security model, will update in the next document.
- SAP Managed Tags:
3 Comments
