Partitioning a Business Glossary

This forum is in support of all issues about Data Quality regarding DataStage and other strategies.

Moderators: chulett, rschirm

Post Reply
U
Participant
Posts: 230
Joined: Tue Apr 17, 2007 8:23 pm
Location: Singapore

Partitioning a Business Glossary

Post by U »

I vaguely recall someone saying (was it at IOD?) that in version 8.5 it is possible to partition a Business Glossary. However I can not find any documentation on how to go about doing that. If anyone knows where to find that documentation, or even how to partition a Business Glossary, can you please post that information here?

What we're trying to implement is a "shadow" - an area to store terms while they're being worked on but before they're ready to be given Candidate status.

If anyone has any other suggestions (other than the obvious "secured Category" one), can you please post them here?

Thank you for your time.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
stuartjvnorton
Participant
Posts: 527
Joined: Thu Apr 19, 2007 1:25 am
Location: Melbourne

Post by stuartjvnorton »

ray.wurlod wrote:I don't know the answer to that but would like to add a supplementary question (I don't have a copy of BG to play with at the moment): is it possible to make different Categories (folders) visible to some users and not to others? That is, does BG have an inherent security model other than Information Server roles?
Hi Ray,

It does seem to (looked into it, haven't tried it).

In the IIS admin web client, open the Glossary tab and then click Glossary Settings -> Edit Settings.
At the bottom of the frame you can select "Configure Viewing Permissions" and then select users/groups to have access to a category or subcategory. You can select to have selected permissions flow down to subcategories.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

Thanks, Stuart, I did find that (from the Information Center). As noted, I don't have a copy at the moment - will be installing it probably next week.

Note, however, that the required role is Administrator - configuration of viewing permissions is not available to Author role.

I was unable to find anything about partitioning the glossary though, unless setting permissions on categories is what they were talking about.

It's not enough, though, because all Authors still have universal access.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
vmcburney
Participant
Posts: 3593
Joined: Thu Jan 23, 2003 5:25 pm
Location: Australia, Melbourne
Contact:

Post by vmcburney »

A Glossary taxonomy is by it's nature broken into partitions according to the category structure, the viewing permissions added to version 8.5 made it possible to hide certain branches from the general populate them and allocate viewing permissions to groups and people.
eostic
Premium Member
Premium Member
Posts: 3838
Joined: Mon Oct 17, 2005 9:34 am

Post by eostic »

In today's current 8.5, a combination of techniques are typically used....

You can establish "status" viewing priveleges, so that users can only see terms with a certain status, and as Vincent notes, you can hide entire categories or sub-categories with viewing permissions. Of course, the "role" impacts this, and these are for the BG User Role and the BG Basic User Role.

A lot of sites isolate glossaries by physical instance of Info Server. They have a golden "governance" Info Server that has the "final" glossary pushed over to it......no editing is done there at all.

When workflow arrives in the future we'll have more granular control of how authors develop, approve and/or publish terms....however, because of existing rules and practices, I suspect that we will still see sites that have 100% isolation for their final published glossary. So they might have a "production" glossary where Authors do all of their work (dev for BG is not like dev for ETL ....Terms "evolve" and that's part of the production process), and yet another "production" read-only glossary for all of their finalized golden governance oriented metadata. [and still have a true "dev" BG where security schemes and theories and REST API development and experimental hierarchies are tested and played out].

Ernie
Ernie Ostic

blogit!
<a href="https://dsrealtime.wordpress.com/2015/0 ... ere/">Open IGC is Here!</a>
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

It would be useful to be able to keep some Authors out of some Categories!
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

I have installed multiple instances of BG 8.5 on the same server for different purposes but haven't had any real users test it yet. I suppose that could be considered one form of partitioning a BG.

I have heard from previous testing that once you grant the Author role to a user, they can author any term in any category. That is likely to be an 8.1 statement and maybe that prior testing was done without applying security to each category. I am curious if anyone has run across this scenario in 8.1 or 8.5.
Choose a job you love, and you will never have to work a day in your life. - Confucius
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

ray.wurlod wrote:It would be useful to be able to keep some Authors out of some Categories!
And it would be useful to be able to keep some BG users from browsing DataStage job logs. That was the main reason I installed an additional instance. I had a PMR on this and hope that the BG security options are improved in 8.7.
Choose a job you love, and you will never have to work a day in your life. - Confucius
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

I'm getting ready to install 8.5 at a new client site. The 8.5 manual states that someone with Author or higher role can access all terms in all categories. The client isn't totally happy with that.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

Niether was our team or the security team. If that is indeed still the case, at least for us, it forces us to install additional BG instances that are isolated from one another.

Another option may be to establish a trusted enterprise set of BG Authors, part of a governance team. I don't think that's practical for an enterprise where divisions/organizations already don't trust each other.
Choose a job you love, and you will never have to work a day in your life. - Confucius
U
Participant
Posts: 230
Joined: Tue Apr 17, 2007 8:23 pm
Location: Singapore

Post by U »

Thank you all for your thoughts and advice. They are most useful. Looks like we will need to propose some alternatives to the business.
Post Reply