OvalEdge Objects Security

Business Glossary Security

Summary

Business glossaries are created and maintained at the Domain level. Domains categorize the organization's data assets; they are used to configure classifications and categories and to maintain the business glossary terms.

By default, each domain created must have a steward and a reviewer who can manage the domain-level terms. For more information on user responsibilities, the purpose of business glossary terms, and Domain Management, see the article Introduction to Domains & Categories.

There can be multiple aspects of Business Glossary security:

  1. Who can search/look up terms
  2. Who can create/suggest terms
  3. Who can approve and publish
  4. Who can assign the data objects to the terms

Permissions in Business Glossary terms

  • Business Glossary terms are created on the DOMAIN Level. 
  • Any user role with META READ ONLY permissions on a specific DOMAIN can only view the terms in that domain.
  • Any user role with META READ_WRITE permissions on a specific DOMAIN can create and suggest a term in the domain.
  • Terms in both DRAFT and PUBLISHED status can be associated with a data object. However, when a term in Draft status is associated, no business logic is applied to the data object: you can neither copy the term title or description to the data object nor mask or restrict the associated data.
  • You must have a META READ_WRITE permission on a data object and a minimum META READ ONLY permission on a domain to associate a data object to a term.
  • You must have a minimum META READ ONLY permission on a domain to organize these terms under a custom tag or DAG Tags (however, users need additional permission to organize using a DAG tag).
  • With ADMIN access, you can create custom fields (additional attributes) on glossary terms.
  • You must classify a Domain and configure the data classifications before suggesting a term in that Domain.
  • Terms created for a Domain can be hierarchically organized by Categories and Sub-categories.

Roles & Permissions of a Domain

Business Glossary terms created under a domain inherit the user role and permissions from the Domain.

OvalEdge ADMIN:

  • Domains can only be created by OVALEDGE_ADMIN through the Security feature. 
  • Can assign a Steward and a Reviewer to each domain. Each category within a domain can have an optional steward and reviewer to manage the terms under each category.
  • Can assign User roles and give permission to other users to access the data assets and Business Glossaries.
  • Can alter the user role permission on each domain. The default User roles will get a Meta Read-only permission on available Domains. 

The following are the two user role Meta permissions and their privileges as they apply to the terms:

Meta Permission Type: READ ONLY
Permission Abbreviation: RO
Access Privileges:

  • No rights to edit Domain Steward/Reviewer.
  • No rights to edit DAG Tag Owner/Steward/Author.
  • No rights to create a new DAG tag.
  • Can view DAG Tags only when the user role has at least Read-only permissions on Domains.
  • Tagging data elements and adding Glossary terms to data Tables/Reports/Files (depends on Metadata Permissions on DAG Tag).
  • Cannot suggest a Business Glossary term.
  • Cannot associate Business Glossary terms to data objects.
  • Cannot delete a Data Asset Group tag/Business Glossary term/PII.
  • Data access of an object associated with a term depends on the Data permissions set for data objects at schema level.
  • STEWARD with Domain Read-Only access can only review the term but cannot suggest a term.
  • REVIEWER with Domain Read-Only access can only Publish a term but cannot suggest a term.

Meta Permission Type: READ_WRITE
Permission Abbreviation: RW
Access Privileges:

  • No rights to edit Domain Owner/Steward/Approver (user should have OE_ADMIN access).
  • Has no rights to edit Owner/Steward/Author of Data Asset Group Tag.
  • Has rights to delete the Business Glossary terms/PII.
  • Can create a Business Glossary term for that domain.
  • Tagging data elements and adding Glossary terms to data Tables/Reports/Files (depends on Metadata Permissions on DAG Tag).
  • Data access depends on the Data permissions set for data objects.
  • STEWARD with Domain Read-Write access can review and suggest a term.
  • REVIEWER with Domain Read-Write access can Publish a term and suggest a term.

Rules while sharing Domain access

  • When you give domain access to a user role, the users in that role can see all the business glossary terms in that domain.
  • When similar data objects in a domain are grouped through a DAG Tag, then the DAG TAG owner and steward will manage and control the access approval on those data objects.
  • To access the data objects that belong to a DAG tag, a user role must have a minimum of Metadata Read permission. To access the data itself, the user role must have a minimum of Data Preview permission.