Data Access Management - A Deep Dive

Overview

This article explains Data Access Management (DAM) and how it works in OvalEdge. The feature lets organizations quickly view, modify, and sync the permissions of roles, users, and groups on the corresponding data objects (such as databases, schemas, tables, table columns, projects, reports, folders, and files) with the connected source system. This makes it easier to manage permissions without writing complex queries or relying on Database Administrators. The article also covers how to create and modify Roles, Users, Policies (such as Masking Policies or Row Access Policies), and Tags, and how to sync all of these automatically to the source system while capturing an audit log of all actions. DAM functionality varies from one connector to another.

Connection Establishment

To initiate a new DAM connection from OvalEdge on a source system, add a new connector on the OvalEdge Connectors page and select the corresponding source system. The Data Access option must be selected to perform DAM on that connection; otherwise, only metadata management can be performed.

[Screenshot: sample screen]

Data Access Admin

To perform Data Access Management activities, a user must have the OvalEdge administrator role ‘Data Access Admin’ (DAA). The connector creator (ovaledge.connector.creator) defines the Data Access Admin role(s) on this connection, which the Data Access Admin(s) of that connection can later modify.

Note: When the Data Access checkbox is selected, the Admin Roles section is updated with a new field, ‘Data Access Admin’.

Data Access Module

The Data Access Module is available under the Administration section. Only Data Access Admins can view this module.

There are two sub-modules within the Data Access module: 

  • Data Access Management
  • Data Access Audit

Data Access Management

The Data Access Management submodule controls all Access Management operations at the OvalEdge level. On the left panel, a tree view shows server names, instances, and connectors, so that users can navigate to the preferred system and manage its settings as needed. Users can manage permissions at two levels:

  • At Instance level
  • At Connector level

Instance level: The Instance Details page provides server details and other details associated with that instance, with each category organized into its own section. Data Access Admins can perform specific actions based on specific requirements.

[Screenshot: Instance-level setting]

Connector level: The page provides Access Management settings, Permissions with Data Source to OvalEdge, and details associated with that particular connector. Data Access Admins can perform specific actions based on specific requirements.

[Screenshot: connector-level setting]

Data Access Audit

Data Access Audit displays the audit trail of every action taken from the Data Access module, whether an addition, an update, or a deletion. OvalEdge captures fields such as the timestamp of the action, the user who took the action, and a brief description of the action. The tabs change dynamically based on the selected server instance of the source system.

[Screenshot: Data Access Audit]

DAM Connectors in OvalEdge

OvalEdge has implemented Data Access Management for the following connectors:

  1. Snowflake
  2. Redshift
  3. Tableau