Decision Support
About Data Security
The Enterprise Data Warehouse (EDW) is the central repository of the University of Washington's electronically stored institutional data. At UW, our warehouse is designed to facilitate reporting and analysis, so that decision-makers can have better information on which to act. The EDW houses a large volume of data across multiple subject areas.
In order to protect sensitive data while providing uniform access to enterprise information, the Data Management Committee (DMC) developed clear and concise roles for access to the EDW. Access roles to major subject areas of data were created to follow security guidelines and principles identified in the UW Information Systems Security Policy Statement.
These roles provide fine-grained access to information, and define privileges based on specific row and column access needs. The Security Access and Roles Matrix (Matrix) describes the roles and their privilege levels across data subject areas (such as Academic, HR, Finance).
Campus users gain access to EDW data and reports by submitting an access request to the Data Custodians, who then assign users to one or more of the roles defined by the Matrix.
Three tools are employed to ensure the DMC’s Matrix rules are correctly applied. For more information on these tools, click the links below. For an overview of how these tools work together, see Figure 1 on the Data Access Control page.
- ASTRA – Access to Systems, Tools, Resources and Applications
  ASTRA is an authorization system that stores information about who can use a wide variety of administrative applications and tools across the UW.
- DAC – Data Access Control Mechanism
  The DAC is a SQL Server database. There is one copy of this database on every EDW server that stores data available for querying and reporting. The DAC schema contains data permission information for every table, column and row available for querying on those servers. It also contains information on Security Access and Roles Matrix roles and their privileges to tables and columns of data. Lastly, the DAC maintains lists of campus users belonging to those roles.
- SMAT
  The SMAT is a web-based front end to the Data Access Control Mechanism (DAC). With this tool users can grant table-wide access, or restrict access by column and/or by row, to individual EDW database tables.
---------------------------------------------------------------
*Full patent filed with the US Patent and Trademark Office in October, 2009. Decision expected in 2014. DAC and SMAT were developed by Information Management’s Decision Support Services team.