DAC and SMAT

Last updated: July 3, 2023
Audience: InstructorsStaffResearchersIT Staff / TechnicalAll UW

DAC and SMAT (Data Access Control and Security Metadata Admin Tool)

This page provides an overview and detailed information about two features of EDW data security at UW:

  • DAC (Data Access Control)
  • SMAT (Security Metadata Admin Tool)

If you have additional questions, please write help@uw.edu.

DAC (Data Access Control)

Overview

Data Access Control (DAC) is one of three technology tools used to ensure Enterprise Data Warehouse (EDW) data security. See Data Security for an overview of the full security mechanism and for descriptions of the concepts discussed below.

How the DAC works

The DAC is a SQL server database. There is a copy of this database on every EDW server that stores University data. The DAC schema:

  • Contains data permission information for every table and column.
  • Contains information on Security Access and Roles Matrix roles and their privileges to tables and columns of data.
  • Maintains lists of campus users belonging to those roles.

Information about role membership is acquired by the DAC from ASTRA, a UW authorization system that stores user access information for a wide variety of administrative applications and tools across the University. The DAC acquires information about data security rules as they apply to Matrix roles from the Security Metadata Administration Tool (SMAT).

DAC Information is Refreshed Each Business Day

  1. The DAC consumes information from ASTRA about users and their roles.
  2. The DAC consumes information from the SMAT about the data to which each role is allowed access.
  3. The DAC applies the information obtained in step 1) to EDW tables and columns, and in doing so creates EDW secured views, also known as SEC views.
  4. Campus users query and report on EDW data using the SEC views rather than the original tables. In this way, each user is allowed to see only the tables and columns to which they have been granted access by the Data Management Committee.

SMAT (Security Metadata Admin Tool)

Data Custodians are responsible for applying the data security rules defined in the Security Access and Roles Matrix (Matrix). These rules create the metadata about security.

The Security Metadata Administration Tool (SMAT) is the web interface Data Domain Councils, or their Primary Sub-Domain Steward, use to manage access to the Enterprise Data Warehouse (EDW) data, in accordance with the UW data security policy. Security is applied at the table and column level for every security role in the Matrix.

The SMAT tool is only accessible to Data Custodians or their delegates. However, any user with EDW access is able to view security settings applied to EDW tables and columns. If you have any questions about current security settings please write help@uw.edu

Using SMAT

  • Only Data Domain Councils or their Primary Sub-Domain Steward can use the SMAT.
  • To access the SMAT application, go to https://ucs.admin.uw.edu/SMAT. Internet Explorer is the only supported browser.
  • Data Custodians are expected to understand the data access business rules for their respective subject areas and are responsible for applying those rules correctly.
  • Enterprise Data Integration (EDI) business analysts approve submitted security documents as SMAT administrators.
  • If you have any questions about how to use SMAT, or to report technical issues, please write help@uw.edu.