IT Connect

Information technology tools and resources at the UW

Data Access Control

Overview

Data Access Control (DAC) is one of three technology tools used to ensure Enterprise Data Warehouse (EDW) data security.  See Data Security for an overview of the full security mechanism and for descriptions of the concepts discussed below.

How the DAC works

The DAC is a SQL Server database. There is a copy of this database on every EDW server that stores University data. The DAC schema:

  • Contains data permission information for every table, column and row.
  • Contains information on Security Access and Roles Matrix roles and their privileges to tables and columns of data.
  • Maintains lists of campus users belonging to those roles.

Information about role membership is acquired by the DAC from ASTRA, a UW authorization system that stores user access information for a wide variety of administrative applications and tools across the University. The DAC acquires information about data security rules as they apply to Matrix roles from the Security Metadata Administration Tool (SMAT).

DAC Information is Refreshed Each Business Day

  1. The DAC consumes information from ASTRA about users and their roles.
  2. The DAC consumes information from the SMAT about the data to which each role is allowed access.
  3. The DAC applies the information obtained in step 1 to EDW tables and columns, and in doing so creates EDW secured views, also known as SEC views.
  4. Campus users query and report on EDW data using the SEC views rather than the original tables.  In this way, each user is allowed to see only the tables, columns, or rows to which they have been granted access by the Data Management Committee.

Data Access Control depiction - Custodians use ASTRA to assign people to roles. Custodians use SMAT to map data to roles at the column level. EDW stores data from multiple subject areas across the University. DAC consumes from ASTRA, SMAT and EDW data to create secured views. Secured views dynamically serve only the data allowed.

Figure 1. A pictorial representation of how the DAC manages EDW data security
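
The secured-view pattern from steps 1 to 4, as an added T-SQL example (not the UW DAC's own code). All table, function, view and role names are hypothetical, as is the choice to return NULL for a column the caller has not been granted; the page does not publish the DAC's actual schema.

```sql
-- Added example; every object name below is hypothetical.
-- Role membership, as it would be refreshed from ASTRA (step 1).
CREATE TABLE dbo.DacRoleMember (
    LoginName sysname NOT NULL,   -- compared with SUSER_SNAME() at query time
    RoleName  sysname NOT NULL,
    PRIMARY KEY (LoginName, RoleName));
-- Role-to-column grants, as they would be refreshed from the SMAT (step 2).
CREATE TABLE dbo.DacColumnGrant (
    RoleName   sysname NOT NULL,
    TableName  sysname NOT NULL,
    ColumnName sysname NOT NULL,
    PRIMARY KEY (RoleName, TableName, ColumnName));
-- Base table; report users receive no permissions on it.
CREATE TABLE dbo.StudentBase (
    StudentKey int  NOT NULL PRIMARY KEY,
    BirthDate  date NULL);
CREATE ROLE EdwReportUsers;
GO
-- Returns one row per grant the calling login holds on the given column.
CREATE FUNCTION dbo.DacCanRead (@TableName sysname, @ColumnName sysname)
RETURNS TABLE AS RETURN (
    SELECT 1 AS Allowed
    FROM dbo.DacRoleMember AS m
    JOIN dbo.DacColumnGrant AS g ON g.RoleName = m.RoleName
    WHERE m.LoginName = SUSER_SNAME()
      AND g.TableName = @TableName
      AND g.ColumnName = @ColumnName);
GO
-- Secured view (step 3). The grant lookup runs on every query, so a
-- refreshed role or grant row takes effect without redefining the view.
CREATE VIEW dbo.SEC_Student AS
SELECT s.StudentKey,
       CASE WHEN EXISTS (SELECT 1 FROM dbo.DacCanRead(N'StudentBase', N'BirthDate'))
            THEN s.BirthDate END AS BirthDate   -- NULL when not granted
FROM dbo.StudentBase AS s
WHERE EXISTS (SELECT 1 FROM dbo.DacCanRead(N'StudentBase', N'StudentKey'));
GO
-- Users query only the view (step 4). Because the view and base table share
-- an owner, ownership chaining lets the view read the table on their behalf.
GRANT SELECT ON dbo.SEC_Student TO EdwReportUsers;

-- Constructed sample rows: the caller is an Advisor granted StudentKey only.
INSERT dbo.DacColumnGrant VALUES (N'Advisor', N'StudentBase', N'StudentKey');
INSERT dbo.DacRoleMember  VALUES (SUSER_SNAME(), N'Advisor');
INSERT dbo.StudentBase    VALUES (1, '2001-05-17');
SELECT StudentKey, BirthDate FROM dbo.SEC_Student;
```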

View Security Settings Applied to Tables, Columns, and Users

The following reports provide detailed information regarding security settings defined for tables and users. EDW access is required to view the data.

Who_Has_Access

This report displays the names and UW NetIDs of users that have been assigned to a security role by the Data Management Committee.

DAC-Secured Tables, Views, & Columns

This report presents Data Custodians’ security settings by table and column for DAC-enabled resources. The layout of this report resembles the SMAT layout. For a more detailed description of this report, see the Current Data Security Settings page.

DAC-Secured Tables & Views by Security Role

This report presents both available and restricted data, by role as defined by the Data Custodians.