Enforcing Security Using Data Security Types and Properties

From ER/Studio Data Architect
Jump to: navigation, search

Go Up to Working with the Data Dictionary

The Data Security management function of the Data Dictionary extension helps enforce security standards within the data model. It allows the data architect to classify objects in the model such as an entity, attribute, submodel or model and associate the database object with various security impact levels or compliance mappings. You can document the security of your data as you would document other properties such as the data steward would for functional business areas or external documentation. Use reporting features to communicate security information to other stakeholders.

  • Data Security Type: A top-level description of a security aspect to be observed. Default descriptions are Compliance and Classification. You can add or edit your own types and then add properties to the types. For example, you may want to describe how security is enforced, so you might add an "Enforcement Mechanism" type and then give it properties such as "Project and Model passwords required," "Read-Only Granted By Default," and so on.
  • Data Security Property: A specific security attribute to be observed. A default example is "Compliance Mapping" which describes which of several industry compliance and reporting standards should be maintained. You can add or edit your own types and then add properties to the types. For example, you may want to describe how security is enforced, so you might add an "Enforcement Mechanism" type and then give it properties such as "Project and Model passwords required," "Read-Only Granted By Default," and so on.

The topics in this section include:

Generate Default Security Information

  1. On the Data Dictionary tab, right-click the Data Security Information folder and then click Generate Default Security Information.
  2. if you have already generated the default security information, choose how to resolve duplicate properties.

This generates Compliance Mapping, Privacy Level, and Security Information security properties that you can customize for your environment.

Notes

  • View and edit the default security properties, right-click a security property object and then select Edit Security Property.
  • If, after editing the default security properties, you want to reset the properties to their default values, generate the properties again and, when prompted, overwrite the existing security objects.

Create and Edit a Data Security Type

  1. On the Data Dictionary tab, right-click the Data Security Information folder and then click New Security Type.
  2. Enter a name for the security property type, provide a description of it, such as when and why this security property is used, and then click OK.
  3. Once you have created the Data Security Type, you can edit it by right-clicking the type you want to change, and then selecting Edit Data Security Type.

Create and Edit a Data Security Property

  1. On the Data Dictionary tab, right-click the appropriate security type folder and then select New Security Property.
  2. Define the security property as required and then click OK to complete the editor.
  3. Once you have created the Data Security Property, you can edit it by right-clicking the property object you want to change, and then selecting Edit Data Security Property.

The following describe options that require additional explanation:

Name tab

Define the name of the security object and provide a description of it, such as when and why this data security property is used.

Value page/tab

Select what kind of data this security object contains. For Text List datatypes, you can list possible data values and then set the default value.

Binding Information tab

Select the object classes and/or specific objects to which you want to bind this security property. You can override this setting using the Security Information tab of object class editors.


See Also