- Print
- DarkLight
- PDF
Security Profiles in Migrate
This topic is related to the following topics:
Overview
Security Profiles allow users to extend role-based security settings in the Syniti Knowledge Platform (SKP) on an individual asset, such as rules, subject areas, and Migrate datasets, releases, and datasources. When a security profile is applied to an asset, only users associated with user groups and roles designated on the security profile have visibility or access to that asset and its underlying components.
Security Profiles enhance data security and improve control over your organization’s sensitive assets during a Data Migration process. Security profile managers can make changes to that security profile as required to allow additional users access to the assets to which a security profile is applied. Refer to Security Profiles for more information on creating and maintaining a security profile.
This article demonstrates how security profiles can be implemented to one of the following assets or components in SKP > Migrate:
Datasets
Datasources
Releases
In this article, let us implement security profiles to Datasets. You can consider the same workflow for Datasources and Releases.
Datasets
For demonstration purpose, we create and apply a security profile to the HR Payroll and Employees datasets in the HR_SA subject area.
Note
Syniti recommends you first create a security profile and apply it while creating an asset.
Let us consider two users:
User A: A Dataset Designer with an Administrator role to access and maintain all components in Migrate.
User B: A member of your project team with a Viewer role to only view specific components in Migrate as per the Viewer’s role-based security settings.
Similarly, you can create other users with required roles and grant them access to specific components as per your project requirements.
Use Case A: Restricting a Dataset from a User
User A decides to create the HR Payroll Dataset and restrict it from User B before starting to add data elements and work on it for Data Migration. User A has the Admin privilege to create a security profile to manage the HR Payroll Dataset.
User A creates an HR Department security profile. Note that a user who creates a security profile has the privilege to manage it and can also add other users as a Manager to manage this security profile.
User A adds the required roles and user groups to the HR Department security profile. Note that User A is also part of the added user group.
Note
Syniti recommends you create a user group with the required users before adding a user group to a security profile.
The HR Department Security Profile is now configured. User A creates the HR Payroll Dataset with the required details and accesses the the Security Profile section. User A selects the HR Department from the Security Profiles list saves the dataset.
Note
User A can only see the security profiles that User A can manage. In this example, User A only manages the HR Department security profile.
Use Case B: Not a Manager of a Security Profile but a User
User A accesses the Employees Dataset and views the Security Profile assigned to a different security profile that User A doesn’t manage. User A realizes that User A is part of the user group added to the different security profile named Dataset Profile to design the Employees Dataset.
As User A is a manager of the HR Department security profile, User A can assign this dataset to the HR Department security profile, if required to allow only the required users to work on this dataset.
Use Case C: Adding a Read-Only User to an Existing Security Profile
User A completes designing the HR Payroll dataset and decides to let User B view this dataset for reviewing or audit purposes, as User B is a member of the Project Team. User A modifies the HR Department security profile, and then adds the Viewer role and the Viewer group to it.
Now, User B can view the HR Payroll Dataset and its details but cannot edit this dataset.
Note that all the fields on the Edit Dataset Details page are unavailable for User B to modify it. But, User A can modify and maintain the HR Payroll dataset based on the HR Department security profile configuration.
Hence, you can limit access to sensitive datasets, datasources, or releases using the Security Profiles feature so that these assets and its underlying components are not visible to other users apart from the designated users.