Decision Support

About Data Security

The Enterprise Data Warehouse (EDW) is the central repository of the University of Washington's electronically stored institutional data.At UW, our warehouse is designed to facilitate reporting and analysis, so that decisions-makers can have better information on which to act. The EDW houses a large volume of data across multiple subject areas.

In order to protect sensitive data while providing uniform access to enterprise information, the Data Management Committee developed clear and concise roles for access to the EDW. Access roles to major subject areas of data were created to follow security guidelines and principles identified in the UW Information Systems Security Policy Statement.

These roles provide fine-grained access to information, and define privileges based on specific row and column access needs.  The Security Access and Roles Matrix (Matrix) describes the roles and their privilege levels across data subject areas (such as Academic, HR, Finance).

Campus users gain access to EDW data and reports by submitting an access request to the Data Custodians, who then assign users to one or more of the roles defined by the Matrix. 

Three tools are employed to ensure the DMC’s Matrix rules are correctly applied.  For more information on these tools, click the links below.  For an overview of how these tools work together, see Figure 1 on the Data Access Control page.

  • ASTRA – Access to Systems, Tools, Resources and Applications

ASTRA is an authorization system that stores information about who can use a wide variety of administrative applications and tools across the UW

The DAC is a SQL server database. There is one copy of this database on every EDW server that stores data available for querying and reporting. The DAC schema contains data permission information for every table, column and row available for querying on those servers. It also contains information on Security Access and Roles Matrix roles and their privileges to tables and columns of data. Lastly, the DAC maintains lists of campus users belonging to those roles.

The SMAT is a web‐based front end to the Data Access Control Mechanism (DAC). With this tool users can grant table‐wide access, or restrict access by column and/or by row, to individual EDW database tables.

---------------------------------------------------------------
*Full patent filed with the US Patent and Trademark Office in October, 2009. Decision expected in 2014. DAC and SMAT were developed by Information Management’s Enterprise Data & Analytics team.