Partitioning a Business Glossary
Partitioning a Business Glossary
I vaguely recall someone saying (was it at IOD?) that in version 8.5 it is possible to partition a Business Glossary. However I can not find any documentation on how to go about doing that. If anyone knows where to find that documentation, or even how to partition a Business Glossary, can you please post that information here?
What we're trying to implement is a "shadow" - an area to store terms while they're being worked on but before they're ready to be given Candidate status.
If anyone has any other suggestions (other than the obvious "secured Category" one), can you please post them here?
Thank you for your time.
What we're trying to implement is a "shadow" - an area to store terms while they're being worked on but before they're ready to be given Candidate status.
If anyone has any other suggestions (other than the obvious "secured Category" one), can you please post them here?
Thank you for your time.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 527
- Joined: Thu Apr 19, 2007 1:25 am
- Location: Melbourne
Hi Ray,ray.wurlod wrote:I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?
It does seem to (looked into it, haven't tried it).
In the IIS admin web client, open the Glossary tab and then click Glossary Settings -> Edit Settings.
At the bottom of the frame you can select "Configure Viewing Permissions" and then select users/groups to have access to a category or subcategory. You can select to have selected permissions flow down to subcategories.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
Thanks, Stuart, I did find that (from the Information Center). As noted, I don't have a copy at the moment - will be installing it probably next week.
Note, however, that the required role is Administrator - configuration of viewing permissions is not available to Author role.
I was unable to find anything about partitioning the glossary though, unless setting permissions on categories is what they were talking about.
It's not enough, though, because all Authors still have universal access.
Note, however, that the required role is Administrator - configuration of viewing permissions is not available to Author role.
I was unable to find anything about partitioning the glossary though, unless setting permissions on categories is what they were talking about.
It's not enough, though, because all Authors still have universal access.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 3593
- Joined: Thu Jan 23, 2003 5:25 pm
- Location: Australia, Melbourne
- Contact:
A Glossary taxonomy is by it's nature broken into partitions according to the category structure, the viewing permissions added to version 8.5 made it possible to hide certain branches from the general populate them and allocate viewing permissions to groups and people.
Certus Solutions
Blog: Tooling Around in the InfoSphere
Twitter: @vmcburney
LinkedIn:Vincent McBurney LinkedIn
Blog: Tooling Around in the InfoSphere
Twitter: @vmcburney
LinkedIn:Vincent McBurney LinkedIn
In today's current 8.5, a combination of techniques are typically used....
You can establish "status" viewing priveleges, so that users can only see terms with a certain status, and as Vincent notes, you can hide entire categories or sub-categories with viewing permissions. Of course, the "role" impacts this, and these are for the BG User Role and the BG Basic User Role.
A lot of sites isolate glossaries by physical instance of Info Server. They have a golden "governance" Info Server that has the "final" glossary pushed over to it......no editing is done there at all.
When workflow arrives in the future we'll have more granular control of how authors develop, approve and/or publish terms....however, because of existing rules and practices, I suspect that we will still see sites that have 100% isolation for their final published glossary. So they might have a "production" glossary where Authors do all of their work (dev for BG is not like dev for ETL ....Terms "evolve" and that's part of the production process), and yet another "production" read-only glossary for all of their finalized golden governance oriented metadata. [and still have a true "dev" BG where security schemes and theories and REST API development and experimental hierarchies are tested and played out].
Ernie
You can establish "status" viewing priveleges, so that users can only see terms with a certain status, and as Vincent notes, you can hide entire categories or sub-categories with viewing permissions. Of course, the "role" impacts this, and these are for the BG User Role and the BG Basic User Role.
A lot of sites isolate glossaries by physical instance of Info Server. They have a golden "governance" Info Server that has the "final" glossary pushed over to it......no editing is done there at all.
When workflow arrives in the future we'll have more granular control of how authors develop, approve and/or publish terms....however, because of existing rules and practices, I suspect that we will still see sites that have 100% isolation for their final published glossary. So they might have a "production" glossary where Authors do all of their work (dev for BG is not like dev for ETL ....Terms "evolve" and that's part of the production process), and yet another "production" read-only glossary for all of their finalized golden governance oriented metadata. [and still have a true "dev" BG where security schemes and theories and REST API development and experimental hierarchies are tested and played out].
Ernie
Ernie Ostic
blogit!
<a href="https://dsrealtime.wordpress.com/2015/0 ... ere/">Open IGC is Here!</a>
blogit!
<a href="https://dsrealtime.wordpress.com/2015/0 ... ere/">Open IGC is Here!</a>
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
I have installed multiple instances of BG 8.5 on the same server for different purposes but haven't had any real users test it yet. I suppose that could be considered one form of partitioning a BG.
I have heard from previous testing that once you grant the Author role to a user, they can author any term in any category. That is likely to be an 8.1 statement and maybe that prior testing was done without applying security to each category. I am curious if anyone has run across this scenario in 8.1 or 8.5.
I have heard from previous testing that once you grant the Author role to a user, they can author any term in any category. That is likely to be an 8.1 statement and maybe that prior testing was done without applying security to each category. I am curious if anyone has run across this scenario in 8.1 or 8.5.
Choose a job you love, and you will never have to work a day in your life. - Confucius
And it would be useful to be able to keep some BG users from browsing DataStage job logs. That was the main reason I installed an additional instance. I had a PMR on this and hope that the BG security options are improved in 8.7.ray.wurlod wrote:It would be useful to be able to keep some Authors out of some Categories!
Choose a job you love, and you will never have to work a day in your life. - Confucius
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
I'm getting ready to install 8.5 at a new client site. The 8.5 manual states that someone with Author or higher role can access all terms in all categories. The client isn't totally happy with that.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Niether was our team or the security team. If that is indeed still the case, at least for us, it forces us to install additional BG instances that are isolated from one another.
Another option may be to establish a trusted enterprise set of BG Authors, part of a governance team. I don't think that's practical for an enterprise where divisions/organizations already don't trust each other.
Another option may be to establish a trusted enterprise set of BG Authors, part of a governance team. I don't think that's practical for an enterprise where divisions/organizations already don't trust each other.
Choose a job you love, and you will never have to work a day in your life. - Confucius