Overview: Asset Collections and Governance

EDG asset collections contain individual assets representing various types of business, technical, and operational resources of an organization. Examples of assets could include documents, vocabulary terms and relationships, data schema and profiles, reference data, requirements, and other technical or enterprise resources.

Data governance modelers can define business or data subject areas of concern and populate them with multiple types of asset collections for the resources of interest. Teams comprising different governance roles can maintain the collections in an orchestrated way based on collection workflows.

Users and Access Control

EDG has three categories of resources with access controls.

  • Permission profiles (viewer, editor, and manager) provide direct authorizations for asset collection functions.
  • Governance roles provide higher-level business control of asset collections and their workflows (business processes).
  • Rights groups control access to system-level application resources (e.g., directories, files).

Permission profiles

Each asset collection controls user access to its assets and functions via permission profiles, which comprise three nested access levels: viewer, editor, and manager. Each level contains the permissions of the preceding level and more. The permission profiles assigned to users on each collection control what each user can see or do with the collection.

Governance roles

Governance roles represent types of business users engaged in various aspects of data governance processes. The roles are associated with particular business areas and their asset collections. The governance roles convey both permission-profile access to the collections in their areas and workflow permissions for the governance processes that maintain the collections.

Rights groups

Rights groups convey low-level EDG file system access to users. These settings are largely separate from permission profiles and governance roles, except that users require a Create right to create new asset collections, and administrators (users in the AdministratorGroup) have full manager permissions for all collections.

Users

Collection managers can assign users to various permission profiles and governance roles. Managers can assign users either as individuals or as security roles, which represent groups of users. Individual users and their security roles are defined externally to the EDG application, during Tomcat configuration for the EDG installation. Typically, individuals and their security roles come into EDG (via Tomcat) from LDAP, but they can also be defined within Tomcat itself, via the conf/tomcat-users.xml file.

EDG administrators can assign security roles (but not individuals) to rights groups, and they can define custom rights groups. Rights management also provides a pre-defined users role, ANY_ROLE, which automatically includes any EDG user (for assigning rights groups universally).

Finally, the governance model (see below) provides EDG-definable organizations, which are custom user-group hierarchies comprising selected individuals and security roles. Organizations can then be assigned to governance roles, in addition to individuals and security roles.

Summary of Access Types and User Assignment

| Resources | Access Type | Access Levels | Assignment of Users | Details |
|---|---|---|---|---|
| Asset collections (production & workflow versions) | Permission profile | 1. viewer; 2. editor (incl. viewer); 3. manager (incl. editor) | individuals; security roles; indirect via gov. roles | See Workflows > Collection Permission Profiles and Server Administration > Access Control > EDG Permissions Management. |
| Governance processes (collections and their workflows) | Governance role | Data Steward; Business Steward; Subject Matter Expert; ..., etc. (customizable) | individuals; security roles; organizations | See Governance Areas (and Roles). |
| EDG workspace contents (application file system) | Rights group | AdministratorGroup; readAnyGraphGrp; ..., etc. (customizable) | security roles | See Server Administration > Access Control > Rights Management. |

Users: To configure individual users and their security roles, see Server Installation and Integration. To customize user organizations for governance roles, see Organizational Structure, below.

The Governance Model and Workflows

The Governance Model is a special EDG asset collection that uniquely provides enterprise contexts for other asset collections. It groups all collections governed by EDG into enterprise governance areas for which users can be given various governance roles. Users can also be grouped according to organizational structures. These dual settings bring together collections and users through EDG workflows, which orchestrate teams of users, via their roles, in the development and maintenance of the collections.

The Governance Model is also used to define metrics for governance areas and to manage an organization's governance policies and issues.

Governance Areas (and Roles)

Governance areas group asset collections according to an organization's business or data subject concerns. Governance areas are used to define a delineated part of stewardship. They partition and delegate ownership of assets, and define a meaningful context for assets that are associated with a governance area.

A business area may have subareas that are either business areas or data subject areas. A data subject area may have only data subject subareas.

An asset collection may be assigned to one or more areas. There are two ways to connect an asset collection with a governance area:

  • by selecting a governance area and creating a new asset collection; thereby, automatically associating it with the selected area, or
  • by updating the collection's Metadata using Settings > Metadata > Edit > subject area.

Governance roles

Each governance area may have associated governance roles, where each role represents a business-oriented set of user rights and responsibilities pertaining to the area's collections. Governance roles can be used in various workflows (see workflow templates), which orchestrate users in the governance processes that create and maintain the area's asset collections.

TopBraid EDG's set of available governance roles is configurable. EDG pre-defines several roles commonly used by organizations, but customers can modify this set.

A governance area's roles are assigned to users by specifying:

  • individual users or
  • user security roles (e.g., from LDAP) or
  • organizations, which are defined in the Governance Model's Organizational Structure (see below).

Role assignments in a given governance area automatically apply to all of the area's own asset collections and to all of its descendant-areas' collections.

Each asset collection can also have its own additional governance role assignments, made via its User Roles > Governance Roles settings. Such collection-specific assignments are shown in a governance area's Asset Collections listing, where any collection that has its own governance role assignments (i.e., in addition to its area's) will indicate them by showing the assigned roles' initials in its +Roles column.

Governance roles vs. permission profiles

Underlying the governance roles, asset collections use three standard permission profiles: viewer, editor, and manager. (See: Collection Permission Profiles: Viewer, Editor, and Manager for details.) Compared to the v/e/m profiles, which focus on collection permissions, governance roles are more abstract and more representative of an enterprise's business processes for data governance.

Comparison details:

  • Governance roles represent how a team of business users relates to a governance area's business and technical assets. In contrast, the v/e/m levels represent only permissions for a given asset collection and its workflows.
  • Governance roles can be defined for governance areas or an individual collection, whereas the v/e/m permissions must be specified at the collection level.
  • The set of governance roles available in EDG is customizable, but the three v/e/m permission levels are neither customizable nor extensible.
  • Users that have any governance role for an area automatically receive viewer permissions (at least) for all current and future collections and workflows in the area. In contrast, v/e/m permissions per se must be set manually on each collection or workflow copy.
  • Custom workflows (via templates, see below) can generally* be defined in terms of either governance roles or the v/e/m permissions. (The provided Basic workflow uses v/e/m only.  * Voting steps pertain to governance roles only.)
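For an access review, the inheritance rules described above can be modeled as a small resolver. This is an added illustration, not EDG code or an EDG API: the data layout and all area, collection, user, and role names are hypothetical, and because the page only guarantees "viewer (at least)" for governance roles, the result is a lower bound.

```python
# Added illustration: models the access rules described on this page; not EDG code.
LEVELS = ["none", "viewer", "editor", "manager"]  # nested: each includes the ones before it

def ancestors(area, parent):
    """Yield the area itself and every ancestor area above it."""
    while area is not None:
        yield area
        area = parent.get(area)

def principals(user, sec_roles, org_members):
    """User plus security roles, and the same set extended with their organizations."""
    base = {user} | set(sec_roles)
    orgs = {org for org, members in org_members.items() if base & members}
    return base, base | orgs

def effective_profile(m, user, sec_roles, collection):
    """Lower bound on the permission profile a user holds on one collection."""
    if set(sec_roles) & m["admin_roles"]:  # AdministratorGroup: manager on all collections
        return "manager"
    base, with_orgs = principals(user, sec_roles, m["org_members"])
    best = 0
    # Direct permission profiles are assigned to individuals and security roles only.
    for who, profile in m["direct_profiles"].get(collection, {}).items():
        if who in base:
            best = max(best, LEVELS.index(profile))
    # Any governance role on the collection's area, or on an ancestor area,
    # grants at least viewer; organizations can hold governance roles.
    for area in m["collection_areas"].get(collection, ()):
        for a in ancestors(area, m["parent"]):
            if with_orgs & set(m["area_roles"].get(a, {})):
                best = max(best, 1)
    return LEVELS[best]

# Constructed sample data (all names hypothetical).
MODEL = {
    "parent": {"Enterprise": None, "Finance": "Enterprise", "Risk": "Finance"},
    "collection_areas": {"RiskGlossary": {"Risk"}},
    "area_roles": {"Finance": {"FinanceStewards": "Data Steward"}},
    "direct_profiles": {"RiskGlossary": {"bob": "editor"}},
    "org_members": {"FinanceStewards": {"alice"}},
    "admin_roles": {"edg-admins"},  # security roles placed in AdministratorGroup
}

if __name__ == "__main__":
    for user, roles in [("alice", []), ("bob", []), ("carol", ["edg-admins"]), ("dave", [])]:
        print(user, effective_profile(MODEL, user, roles, "RiskGlossary"))
```

In the sample, alice gains viewer access to a collection two levels below the area where her organization holds a role, which is the fan-out to check before assigning roles high in the area hierarchy.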

Organizational Structure

EDG organizations are custom hierarchical groupings of users specified either individually or via their security roles (e.g., from LDAP). Each organization instance can also have documentation, various types of metadata, and may contain sub-organizations. Organizations represent users abstractly, which provides various benefits such as:

  • documenting governance responsibility at an organizational level instead of a user account level, and
  • representing users before having to identify and onboard specific individuals, and
  • facilitating reassignment of responsibilities when personnel change.

Other Governance Assets

Governance assets are instances of various governance-related information types (classes) such as agencies, councils, issues, metrics, policies, reports, etc. This item opens the Governance Model editor, listing current instances (if any) and providing functions such as view, edit, create, delete, etc.

Metrics Dashboards

EDG administrators can activate metrics dashboards via EDG Configuration Parameters > Teamwork Platform Parameters > Metrics dashboards activated. They can also edit the resulting GOVERNANCE MODEL > Dashboards item. Note that creating new Metrics Dashboards requires advanced TopBraid developer knowledge in order to generate the scripts needed to supply data and add visualizations. Upcoming releases will include additional scripts for a variety of metrics. If you are interested in the possibilities for tailoring TopBraid EDG Metrics Dashboards to better suit your needs, please contact TopQuadrant to explore the following options:

  • Have TopQuadrant quickly configure a customized EDG solution to meet your detailed requirements. We will be pleased to quote and provide affordable customization and tailoring services.

  • Enable your organization to develop and maintain customizations for EDG by guiding and training your selected personnel to perform the variety of customization capabilities.

Users

This lists all users defined in the EDG system (e.g., via LDAP). Each user listing can be viewed for details of its governance associations within EDG.

For each user, the details presented consist of:

  • Settings (Tomcat users only): Non-LDAP users can define the email address that receives notifications. Users with administrator privileges can edit the email addresses of all users.
  • Governance Roles: Lists the governance roles of the selected user, if any. The list displays the name of the area or asset (including a link to the details page) and the governance role of the user.

Workflow Templates

This shows the collection of templates that define the available workflow types, e.g., the Basic workflow. To customize these workflow types externally from EDG (e.g., via TopBraid Composer - Maestro Edition), users in the Teamwork Administrator Role can download and upload the templates as a Turtle file. For details on developing custom workflows, see EDG Developer Guide: Adding Custom Workflow Templates.

