Erwin mart Catalog folder level access to User

Comments

6 comments

  • Avatar
    Scott Stalker

    I agree completely.  We also need a more granular permission scheme in the workgroup overall.

    0
    Comment actions Permalink
  • Avatar
    Johann Strauss

    Yes, This would be Ok but we also need at the root level to have multiple marts with permissions to administer them from different users perspectives (business unit in the same organization) and isolate the access across the catalogs in the marts. especially when we use the LDAP Multi-domain users to functions across the marts catalogs. This will be a great feature to have.

    0
    Comment actions Permalink
  • Avatar
    casey gwozdz

    In the  r9.x versions of Workgroup Edition, one can assign an erwin Data Modeler user to a specific library, a model or specific models in that library, or even restrict them to updating objects or not add new Entities. Although this user would be able to see the entire library folder structure and data model names in other folders, they will not be able to open these data models into erwin Data Modeler (unless they are assigned permission to view them).

    I hope this address your concerns for now.

    .

    0
    Comment actions Permalink
  • Avatar
    Scott Stalker

    Casey I appreciate the information you are providing but this product is in a terrible situation security wise and it needs to be addressed by the Erwin engineering team ASAP.  

    0
    Comment actions Permalink
  • Avatar
    casey gwozdz

    Could you further explain the security concern? Even though a user is granted permission to a specific library folder, all they can do is see is the folder structure and the data model names in the other folders. They cannot open/update/create data models in these folders - only the one folder they are granted permission to open/update/create data models in that library. If the user tries to open a model in a library they are not granted permission for, erwin Data Modeler will present a message stating that the open process failed due to lack of permission on that library.

    Please clarify the security concern.

    0
    Comment actions Permalink
  • Avatar
    Scott Stalker

    Users in our organization only receive the information they need to do their job.  Knowing a model exists implicates the existence of a database which is knowledge that should only be allowed to those that require it for their job function.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk