OvalEdge provides a role-based security model. A role defines the part played by a person in an application or in an organization. OvalEdge security model includes the following sections:
Default System Roles
OvalEdge provides 2 default System Roles. The following are their responsibilities listed.
Role |
Responsibilities |
OE_ADMIN |
This is a Super Admin role and its members have full access to manage and control everything on the application. Members of this role also have access to the Administrator modules. This role cannot be deleted but the name can be modified. See Special roles for more details. |
OE_PUBLIC |
This is a default role for Registered users in the application. The Administrator may decide to grant permissions for the members of this Role. This role cannot be deleted but the name can be modified. See Special roles for more details. |
User-Defined Roles
One of the foundational aspects of data governance is to define roles and responsibilities and then manage them. As various departments are using data, it's important to clearly define roles and responsibilities and then assign users, or members, to them. The assignment of roles and responsibilities can be configured very easily in OvalEdge.
Users generally need a role and metadata and data permissions to access data objects and perform tasks. For example, to design a database, you need a “Data Architect” role with Metadata read and Data write permissions. To analyze the data with Business intelligence tools, you need an “Analyst” role with Metadata read and Data read permission.
Users can access each data object, depending on their user role and the permissions set on these data objects.
Special Roles
In OvalEdge, you can configure default roles or user-defined roles to perform specific tasks. These roles consist of a single user or group of users. The following configurations can be configured and mapped to any of the above-mentioned roles for managing various activities such as tag creation, access APIs, and crawling activities within OvalEdge.
The administrator can view this setting under Administration >> Configuration. The various available configurations are:
Configuration key |
Roles (Example) |
Responsibility |
ovaledge.role.admin |
OE_ADMIN |
This is a Super Admin role and its members have full access to manage and control everything on the application. This is the default role. |
ovaledge.tag.role |
DATA_CUSTODIAN |
The user assigned with the DATA_CUSTODIAN role can Create the Tags |
ovaledge.role.public |
OE_PUBLIC |
This role is set for self-Registered users. This is a default role. |
ovaledge.crawler.role |
CRAWLER_ADMIN |
The user with the CRAWLER_ADMIN role can crawl new data sources |
ovaledge.role.governance |
GOVERNANCE_GROUP |
|
ovaledge.userdelete.role |
USER_MANAGEMENT |
The users in this role can manage the users of OvalEdge.This is an alternate user management role. |
Note: Assign the most suitable role to each task, giving them an appropriate level of control.
Example: The user assigned with the TAG_ADMIN role can Create Tags and after performing the changes, the new configurations are reloaded automatically.
Pre-Defined Responsibilities
Along with the default system Roles, there are default System Responsibilities. When a particular user is assigned the following title, they are made accountable for the following activities in OvalEdge.
Owner
Users with Owner roles and responsibilities have complete access to their assigned data objects like a Database(s), Table(s), Folder(s)/File(s), or Report(s). The Owner of a data object is responsible for managing and restricting the permissions on that data object through the access request received at the service desk.
Steward of data objects
Users with Steward roles and responsibilities have complete control and access to the metadata such as descriptions, tags, and term associations to data objects like databases, tables, and files. They are responsible for metadata management and approving content change requests received at the service desk.
Domain Steward
The default definition of a domain steward is responsible for maintaining the definitions and business context of a suggested term and finally publishing the term.
Domain Reviewer
The default definition of a domain reviewer is responsible for reviewing the definitions and business context of a suggested term.
Author
The Authors have the same permissions similar to the Stewards. They can contribute to enriching the metadata, but they are not responsible for managing the approval workflows.