DSXchange

I vaguely recall someone saying (was it at IOD?) that in version 8.5 it is possible to partition a Business Glossary. However I can not find any documentation on how to go about doing that. If anyone knows where to find that documentation, or even how to partition a Business Glossary, can you please post that information here?

What we're trying to implement is a "shadow" - an area to store terms while they're being worked on but before they're ready to be given Candidate status.

If anyone has any other suggestions (other than the obvious "secured Category" one), can you please post them here?

Thank you for your time.

I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?

ray.wurlod wrote:I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?

Hi Ray,

It does seem to (looked into it, haven't tried it).

In the IIS admin web client, open the Glossary tab and then click Glossary Settings -> Edit Settings.
At the bottom of the frame you can select "Configure Viewing Permissions" and then select users/groups to have access to a category or subcategory. You can select to have selected permissions flow down to subcategories.

Thanks, Stuart, I did find that (from the Information Center). As noted, I don't have a copy at the moment - will be installing it probably next week.

Note, however, that the required role is Administrator - configuration of viewing permissions is not available to Author role.

I was unable to find anything about partitioning the glossary though, unless setting permissions on categories is what they were talking about.

It's not enough, though, because all Authors still have universal access.

A Glossary taxonomy is by it's nature broken into partitions according to the category structure, the viewing permissions added to version 8.5 made it possible to hide certain branches from the general populate them and allocate viewing permissions to groups and people.

In today's current 8.5, a combination of techniques are typically used....

You can establish "status" viewing priveleges, so that users can only see terms with a certain status, and as Vincent notes, you can hide entire categories or sub-categories with viewing permissions. Of course, the "role" impacts this, and these are for the BG User Role and the BG Basic User Role.

A lot of sites isolate glossaries by physical instance of Info Server. They have a golden "governance" Info Server that has the "final" glossary pushed over to it......no editing is done there at all.

When workflow arrives in the future we'll have more granular control of how authors develop, approve and/or publish terms....however, because of existing rules and practices, I suspect that we will still see sites that have 100% isolation for their final published glossary. So they might have a "production" glossary where Authors do all of their work (dev for BG is not like dev for ETL ....Terms "evolve" and that's part of the production process), and yet another "production" read-only glossary for all of their finalized golden governance oriented metadata. [and still have a true "dev" BG where security schemes and theories and REST API development and experimental hierarchies are tested and played out].

Ernie

It would be useful to be able to keep some Authors out of some Categories!

I have installed multiple instances of BG 8.5 on the same server for different purposes but haven't had any real users test it yet. I suppose that could be considered one form of partitioning a BG.

I have heard from previous testing that once you grant the Author role to a user, they can author any term in any category. That is likely to be an 8.1 statement and maybe that prior testing was done without applying security to each category. I am curious if anyone has run across this scenario in 8.1 or 8.5.

ray.wurlod wrote:It would be useful to be able to keep some Authors out of some Categories!

And it would be useful to be able to keep some BG users from browsing DataStage job logs. That was the main reason I installed an additional instance. I had a PMR on this and hope that the BG security options are improved in 8.7.

I'm getting ready to install 8.5 at a new client site. The 8.5 manual states that someone with Author or higher role can access all terms in all categories. The client isn't totally happy with that.

Niether was our team or the security team. If that is indeed still the case, at least for us, it forces us to install additional BG instances that are isolated from one another.

Another option may be to establish a trusted enterprise set of BG Authors, part of a governance team. I don't think that's practical for an enterprise where divisions/organizations already don't trust each other.

Thank you all for your thoughts and advice. They are most useful. Looks like we will need to propose some alternatives to the business.