System Administration

Set Security in the Stewardship Tier

NOTE: If you are upgrading from 7.0.6 or below to 7.1 or above, you may need to migrate your security settings to use centralized security. Users of Data Quality, MDM, and Mass Maintenance must update security roles when upgrading to 7.1. Refer to the Centralized Security Migration Manual for important information about using security in the Stewardship Tier in version 7.1 and later. Consult this manual BEFORE updating to 7.1, as an analysis of current security assignments must be completed before the Stewardship Tier can be updated.

The Stewardship Tier’s centralized user management functionality controls user access to standard and custom Stewardship Tier applications (pages). It also controls user access to content within standard Stewardship Tier applications and provides functionality to extend to user content assignment within custom applications.

  • A user’s access to Stewardship Tier applications is driven by WebApp group assignment either via a security role (of type Application or Standard) or by direct assignment to WebApp groups.
  • A user’s content access is driven by Security Definition Key Value assignment either via a security role (of type Content or Standard) or by direct assignment through user-specific security definitions.

Stewardship Tier is shipped with default ‘Standard’ security roles that provide differentiated user application access across all Stewardship Tier solutions and components. Refer to Delivered Security Roles for more information.

Additionally, Stewardship Tier applications include a range of WebApp groups intended to be used as building blocks for custom security roles. Refer to Delivered WebApp Groups for more information.

Syniti recommends that delivered security roles are used as the starting point for providing users with Stewardship Tier Application access. Using Stewardship Tier functionality, these security roles can be further tailored to fit specific requirements.

Furthermore, Syniti recommends that Application and Content access is provisioned through separate security roles. This will offer the most efficient method by which to maintain security. Users who administer content can be assigned to the System Administration ContentKeySecurity WebApp group. Users who administer application access can be assigned to the System Administration User Management WebApp group.

NOTE: Roles with a role type of Standard can be used to provide BOTH Application and Content access.

To set security in the Stewardship Tier:

Creating an Application security role is the first step in security setup. There are two ways to do it.

  1. Create an Application security role from an existing role by Copying a Delivered Security Role.

    NOTE: Rename the role, and set the ROLE TYPE to Application.

  2. Add or change WebApp groups assigned to the security role.

    NOTE: If delivered WebApp groups do not fit requirements, create a new WebApp group and assign to the role using Add-Ons. Publish custom WebApp groups created in Add-Ons to synch the WebApp groups to System Administration to make them available for assignment to security roles.

OR

  1. Create a security role with the Type of Application manually.
  2. Add or change WebApp groups assigned to the security role.

NOTE: If delivered WebApp groups do not fit requirements, create a new WebApp group and assign to the role using Add-Ons. Publish custom WebApp groups created in Add-Ons to synch the WebApp groups to System Administration to make them available for assignment to security roles.

To continue setting up security, create Content security roles to give content access:

  1. Create a security role with the Type of Content manually.
  2. Assign Security Definition Keys to the security role.

When adding user accounts, Security Administrators (part of the UserManagement WebApp group) assign users to Application and Content security roles.

This topic contains details about setting security for these Stewardship Tier applications:

Set Security for MDM

When granting user access to MDM, either:

  • Assign the user to a security role that contains the positions the user can access
  • Assign the positions to the user through a user-specific security definition

Refer to the video for an overview of changes to MDM positions in 7.1 and later.

Set Security for Data Quality

When granting user access to Data Quality, either:

  • Assign the user to a security role that contains the groups the user can access
  • Assign the groups to the user through a user-specific security definition

Watch the video for an overview of changes to Data Quality groups in 7.1 and later.

Set Security for Mass Maintenance

When granting user access to Mass Maintenance, either:

  • Assign the user to a security role that contains the template role the user can access
  • Assign the template role to the user through a user-specific security definition

Watch the video for an overview of changes to Mass Maintenance template roles in 7.1 and later.

Set Security for ADM

To grant access to all migration content, refer to Access All Data Security Definition.

User access can also be restricted to certain Wave-Process Areas and Wave-Process Area-Objects. This restriction can be done by granting user access to specific Security Definition Key Values. Either:

  • Assign the user to a security role that contains the permitted key values associated with the Wave + Process Area, Wave + Process Area + Object and Source Security Definitions, or

    NOTE: To restrict a user to specific Wave / Process Area / Objects, the user must be assigned to a security role that has both Wave + Process Area and Wave + Process Area + Object key values assigned.

  • Assign the Wave + Process Area, Wave + Process Area + Object and Source Security Definition Key values to the user through user-specific security definitions.

    NOTE: To restrict a user to specific Wave / Process Area / Objects, the user must be assigned to a security role that has both Wave + Process Area and Wave + Process Area + Object key values assigned.
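
The access rules on this page (role type decides whether a role contributes WebApp groups, key values, or both) and the ADM note above can be checked over an exported list of assignments. The sketch below is an added example, not Syniti code: the data model, role names, group names and key values are hypothetical and constructed, and it assumes the "both key values" requirement is evaluated across everything assigned to the user.

```python
# Added illustration: a hypothetical in-memory model, not Syniti's schema or API.
from dataclasses import dataclass, field

WPA = "Wave + Process Area"
WPAO = "Wave + Process Area + Object"

@dataclass
class Role:
    name: str
    role_type: str                                   # "Application", "Content" or "Standard"
    webapp_groups: set = field(default_factory=set)
    key_values: dict = field(default_factory=dict)   # security definition -> key values

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    direct_groups: set = field(default_factory=set)  # direct WebApp group assignment
    user_keys: dict = field(default_factory=dict)    # user-specific security definitions

def effective_access(user):
    """Return (WebApp groups, {definition: key values}) under the page's two rules."""
    groups = set(user.direct_groups)
    keys = {d: set(v) for d, v in user.user_keys.items()}
    for role in user.roles:
        # Assumption: a role contributes only what its role type allows.
        if role.role_type in ("Application", "Standard"):
            groups |= role.webapp_groups
        if role.role_type in ("Content", "Standard"):
            for definition, values in role.key_values.items():
                keys.setdefault(definition, set()).update(values)
    return groups, keys

def audit(user):
    """List items to review against the page's recommendation and its ADM note."""
    findings = []
    _, keys = effective_access(user)
    for role in user.roles:
        if role.role_type == "Standard" and role.webapp_groups and role.key_values:
            findings.append(f"{role.name}: Standard role grants application and content access")
    # Assumption: the ADM restriction needs key values in both definitions.
    if bool(keys.get(WPA)) != bool(keys.get(WPAO)):
        findings.append(f"{user.name}: ADM key values in only one of '{WPA}' / '{WPAO}'")
    return findings

# Constructed sample data
app = Role("Migration Dev (copy)", "Application", {"ADM Developer"})
content = Role("Wave 1 Content", "Content", key_values={WPA: {"W1-OTC"}})
mixed = Role("Legacy Power User", "Standard", {"Collect Admin"}, {"Collect Target": {"ECC"}})
alice = User("alice", [app, content, mixed])
```

Calling `audit(alice)` reports the Standard role that mixes both kinds of access and the missing Wave + Process Area + Object key values.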

Set Security for Collect

To grant access to all Collect Targets, refer to Access All Data Security Definition.

User access can also be restricted to specific Collect Targets. This restriction can be done by granting user access to specific Security Definition Key Values. Either:

  • Assign the user to a security role that contains the permitted key values associated with the Collect Target's Security Definition, or
  • Assign the Collect Target's Security Definition Key values to the user through a user-specific security definition.

Set Security for Integrate

To grant access to all Integrate categories, refer to Access All Data Security Definition.

User access can also be restricted to specific Integrate categories. This restriction can be done by granting user access to specific Security Definition Key Values. Either:

  • Assign the user to a security role that contains the permitted key values associated with the Integrate category's Security Definition, or
  • Assign the Integrate category's Security Definition Key values to the user through a user-specific security definition.

Set Security for Analyze

To grant access to all Analyze Data Sources, refer to Access All Data Security Definition.

User access can also be restricted to specific Analyze Data Sources. This restriction can be done by granting user access to specific Security Definition Key Values. Either:

  • Assign the user to a security role that contains the permitted key values associated with the Analyze Data Sources Security Definition, or
  • Assign the Analyze Data Sources Security Definition Key values to the user through a user-specific security definition.

Access All Data Security Definition

To grant a user access to all ADM, Collect, Analyze and Integrate content, assign the user the ‘Stewardship Tier Administrator Security Role’ key value within the ‘Access all Data’ Security Definition, either via a role or by direct assignment via user-specific security definitions.