Overview
The Enterprise Data Warehouse (EDW) holds data from multiple subject areas. To protect sensitive data while providing uniform access to enterprise data users, the Data Management Committee (DMC) developed security roles for access to the EDW. Users are assigned to these roles according to their job responsibilities and data use requirements. These roles were created based on principles identified in the UW Information Systems Security Policy Statement.
These security roles provide granular access to information and define privileges based on specific column access needs. The Security Access and Roles Matrix (or just “Matrix”) describes the roles and their privilege levels across data subject areas (e.g. Academic, HR, Finance).
University faculty and staff must request access to EDW data in order to query the EDW or use reporting and analysis tools that source data from the EDW. Depending on the sensitivity level of the data needed, access is granted by a local ASTRA administrator or by the Data Domain Councils. In both cases, users are assigned to one or more roles defined by the Matrix.
Data Security Tools
The three tools outlined below work in concert to ensure the DMC’s Matrix rules are enforced.
ASTRA
ASTRA stands for Access to Systems, Tools, Resources and Application. ASTRA is an access management service that stores authorization information about who can use a variety of UW administrative applications and other resources.
DAC
DAC stands for Data Access Control*. The DAC is a SQL database that dynamically protects UW enterprise data through security settings defined for each database, table, and column. Data Domain Councils, or their Primary Sub-Domain Steward, determine which roles should have access to specific columns of data, and these security definitions are stored in the DAC.
SMAT
SMAT stands for Security Metadata Admin Tool*. The SMAT is a web‐based front end for writing security definitions to the DAC. Data Domain Councils or their Primary Sub-Domain Stewards use the SMAT to grant DMC roles table-level access or to restrict access to specific columns in an EDW table.
*Full patent filed with the US Patent and Trademark Office in October 2009. DAC and SMAT were developed by Information Management’s Enterprise Data & Analytics team.
Questions?
If you have any questions about how we leverage these three tools to keep UW enterprise data secure, please write us at help@uw.edu.