Data Access Control (DAC) is one of three technology tools used to ensure Enterprise Data Warehouse (EDW) data security. See Data Security for an overview of the full security mechanism and for descriptions of the concepts discussed below.
How the DAC works
The DAC is a SQL server database. There is a copy of this database on every EDW server that stores University data. The DAC schema:
- Contains data permission information for every table, column and row.
- Contains information on Security Access and Roles Matrix roles and their privileges to tables and columns of data.
- Maintains lists of campus users belonging to those roles.
Information about role membership is acquired by the DAC from ASTRA, a UW authorization system that stores user access information for a wide variety of administrative applications and tools across the University. The DAC acquires information about data security rules as they apply to Matrix roles from the Security Metadata Administration Tool (SMAT).
DAC Information is Refreshed Each Business Day
- The DAC consumes information from ASTRA about users and their roles.
- The DAC consumes information from the SMAT about the data to which each role is allowed access.
- The DAC applies the information obtained in step 1) to EDW tables and columns, and in doing so creates EDW secured views, also known as SEC views.
- Campus users query and report on EDW data using the SEC views rather than the original tables. In this way, each user is allowed to see only the tables, columns, or rows to which they have been granted access by the Data Management Committee.
View Security Settings Applied to Tables, Columns, and Users
The following reports provide detailed information regarding security settings defined for tables and users. EDW access is required to view the data.