Presentation is loading. Please wait.

Presentation is loading. Please wait.

DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior.

Published byEdwina Barrett Modified over 8 years ago

Similar presentations

Presentation on theme: "DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior."— Presentation transcript:

1 DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior Manager, Decision Support Services

2 UW Data Map (aligns business and data perspectives)
The University of Washington’s data governance committee, called Data Management Committee (DMC), developed the UW Data Map in 2007 as conceptual representation of University’s business areas (lines of business), and express them in terms of data. Data Map has many functions, such as serves as roadmap for building out EDW.

3 UW Data Map (defines data custodians and trustees)
Also serves a classification that defines data custodians and trustees. The 7 main subject areas are further classified into data domains, or subareas. It is at this level that data stewards have been identified.

4 Roles and Access Matrix (defines roles and access privileges)
In 2008, these data stewards got together to develop a framework for managing access to data. The UW Data Map is again the anchor point for these security classifications in the following way. Across all subject areas, a Role and Access Matrix defines a finite set of 14 roles, and for each role, describes fine-grained access privileges at the row and column level. The matrix translates federal and state regulations around data security and applies them to data areas. Access is granted by role, across subject areas, at the data level (versus upon access to the data at the BI level).

5 DAC Hundreds of tables Thousands of users
One data security model. Period. Roles Matrix DAC consumes from Roles tool, SMAT & EDW to create secured views Custodians use Roles Matrix to assign people to roles DAC Secured Views Custodians use SMAT to map data to roles SMAT Security Metadata Administration Tool The technical implementation of this conceptual framework has two parts to it: 1) a backend mechanism that creates security views according to the classifications set forth in the Matrix; we call this the Data Access Control (DAC), a system developed in-house and patent pending; a web front end in which data custodians manage access to EDW data in accordance with Roles and Access Matrix (Security Metadata Administration Tool – SMAT) To summarize, data stewards then have two responsibilities here to translate the theoretical framework into practice: 1) they classify users into one of these 14 roles; 2) they apply the security classifications to the data itself. Diagram shows how the pieces work together: Custodians use Roles Matrix to assign people to roles; Custodians use SMAT to map data to roles, and assign access privileges to data. The DAC consumes information from Roles tool, SMAT and the EDW to create security views. Security views dynamically show only the data a user is allowed to see. When a user logs in, he/she see the data they are authorized for. Note that because security is applied at the data level, any user can run any report, but the information they see depends on the breadth of their permissions. Data Access Control System v1.0 Patent Pending Dynamically serve only the data allowed EDW Stores data from subject areas across the University Enterprise Data Warehouse User A No restrictions User C Row restrictions User B Column restrictions

6 Security Metadata Administration Tool (SMAT)
Lets Data Custodians manage access to EDW data in accordance with Roles and Access Matrix Screen short of SMAT.

7 Data Security results in rapid growth for BI
Data access control governance and system enabled consistent, scalable, and broad access to all EDW data 2010 New online presence and user forums increase awareness and data usage New analytics and visualization tools provide easier access to data and promote understanding of activities and trends As a result of implementing access controls, development of BI and access to BI has skyrocketed from handful of users and reports in 2009 to 5000 and hundreds of reports, cubes and visualizations today. “Freeing The Data” First investment in reporting tools, finance and HR only

8 Tools for Custodians and Users
Financial Resources (blue) Human Resources (purple) Academics (yellow) Research (red) BI Portal: Using the UW Data Map as your visual guide, you can find any data that’s available in EDW: by how you want to view the data (report, cube), by data source (table, database), by person/group that created or supports the artifact, or by data definition. Administrative Reports show Who Has Access to which data. In summary: up front cost was high (develop matrix, develop tools, develop processes), but relatively short (processes, frameworks years; tools 6-9 months). Ongoing investment and maintenance extremely low, easy to manage.

9 Tools for Custodians and Users
Multiple Ways to search data - by Name, Subject, Support Group, Table & Database

10 Learn More UW Data Governance: http://www.washington.edu/uwit/im/dmc/
UW Data Warehouse and BI: Contact me directly: Anja Canfield-Budde

11 Appendix

12 UW Data Warehouse Holdings

Download ppt "DAC’ing and SMAT’ing UW Data: A Primer on the intersection of data governance and data security at University of Washington Anja Canfield-Budde Senior."

Similar presentations

C6 Databases.

C6 Databases.
By: Mr Hashem Alaidaros MIS 211 Lecture 4 Title: Data Base Management System.

By: Mr Hashem Alaidaros MIS 211 Lecture 4 Title: Data Base Management System.
Eron Kelly General Manager Data Platform Group. Unlocking Insights on Any Data Breakthrough Data Platform Performance with SQL Server 2014 Enabling Familiar,

Eron Kelly General Manager Data Platform Group. Unlocking Insights on Any Data Breakthrough Data Platform Performance with SQL Server 2014 Enabling Familiar,
Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Data Quality David Loshin. Course Structure Overview of Data Quality –Data Ownership and Data Roles –Cost Analysis of Poor Data Qaulity Dimensions of.

Data Quality David Loshin. Course Structure Overview of Data Quality –Data Ownership and Data Roles –Cost Analysis of Poor Data Qaulity Dimensions of.
Data Sources Create a connection definition in Cognos Step 2: Create a Cognos Account on Each Data Source Step 1: Import Metadata Step 3: Publish Package.

Data Sources Create a connection definition in Cognos Step 2: Create a Cognos Account on Each Data Source Step 1: Import Metadata Step 3: Publish Package.
Data Quality David Loshin Knowledge Integrity Inc.

Data Quality David Loshin Knowledge Integrity Inc.
Business Driven Technology Unit 2

Business Driven Technology Unit 2
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Title Slide without Picture Subtitle Presenter’s Name Presenter’s Title Organization,

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Title Slide without Picture Subtitle Presenter’s Name Presenter’s Title Organization,
TOPIC 1: GAINING COMPETITIVE ADVANTAGE WITH IT (CONTINUE) SUPPLY CHAIN MANAGEMENT & BUSINESS INTELLIGENCE.

TOPIC 1: GAINING COMPETITIVE ADVANTAGE WITH IT (CONTINUE) SUPPLY CHAIN MANAGEMENT & BUSINESS INTELLIGENCE.
Data Warehouse Toolkit Introduction. Data Warehouse Bill Inmon's paradigm: Data warehouse is one part of the overall business intelligence system. An.

Data Warehouse Toolkit Introduction. Data Warehouse Bill Inmon's paradigm: Data warehouse is one part of the overall business intelligence system. An.
BUSINESS INTELLIGENCE/DATA INTEGRATION/ETL/INTEGRATION AN INTRODUCTION Presented by: Gautam Sinha.

BUSINESS INTELLIGENCE/DATA INTEGRATION/ETL/INTEGRATION AN INTRODUCTION Presented by: Gautam Sinha.
Database Application Security Models

Database Application Security Models
Enabling the Business User with IBM Cognos 8 BI. Today’s agenda  Cognos 8v4  Today’s challenges  Go! Portfolio of products Go! Search Go! Dashboard.

Enabling the Business User with IBM Cognos 8 BI. Today’s agenda  Cognos 8v4  Today’s challenges  Go! Portfolio of products Go! Search Go! Dashboard.
Blackboard for K-12 Let’s Build a Better Educational Experience 1.

Blackboard for K-12 Let’s Build a Better Educational Experience 1.
Introduction to Databases A line manager asks, “If data unorganized is like matter unorganized and God created the heavens and earth in six days, how come.

Introduction to Databases A line manager asks, “If data unorganized is like matter unorganized and God created the heavens and earth in six days, how come.
Database Application Security Models Database Application Security Models 1.

Database Application Security Models Database Application Security Models 1.
Business Intelligence Zamaneh Jahed. What is Business Intelligence? Business Intelligence (BI) is a broad category of applications and technologies for.

Business Intelligence Zamaneh Jahed. What is Business Intelligence? Business Intelligence (BI) is a broad category of applications and technologies for.

Similar presentations

Ads by Google