Data Access Management

Overview

Data Access Management enables organizations to centrally view, manage, and synchronize permissions for users, groups, and roles across a wide range of data objects, including databases, schemas, tables, columns, projects, reports, files, and folders.

This module catalogs existing access configurations from connected source systems, displaying the list of users, groups, roles, and their associated permissions. It also allows direct modification of these permissions, enabling the addition, update, or removal of users, roles, groups, and their access rights directly at the source, without the need for complex scripts or DBA involvement.

All actions, whether information crawled from the source or permission changes pushed back to the source, are fully audited. This ensures complete traceability and accountability across all access-related operations.

Connection Establishment

To initiate a new DAM connection from an application to a source system, add a new connector on the Connectors page and select the corresponding source system. The Data Access option must be selected to perform DAM on that connection; otherwise, only metadata management can be performed.

Below is a sample screen:

Data Access Admin

To perform Data Access Management activities, a user must have the administrator role ‘Data Access Admin’ (DAA). The connector creator (ovaledge.connector.creator) defines the Data Access Admin(s) roles on this connection, which can later be modified by the Data Access Admin(s) of that connection.

Data Access Module

The Data Access Module is available under the Administration section. Data Access Admins can only view this module.

There are three sub-modules within the Data Access module:

• Data Access Management

• Data Access Audit

• Data Access Reports

  

Data Access Management

The Data Access Management submodule controls all Access Management operations at the application level. On the left panel, a tree view showcases server names, instances, and connectors to navigate to preferred systems and manage the settings as needed. Users can manage permissions at two levels.

• At Instance level

• At Connector level

Instance level: The Instance Details page provides server details and different details associated with that particular instance, with each category organized into its designated section. Instance Data Access Admins can perform specific actions based on specific requirements at the Instance and Connector levels.

Below is a sample screenshot to show an Instance-level setting:

Connector level: The page provides Access Management settings, Permissions with Data Source to the application, and details associated with that particular connector. Connector Data Access Admins can perform specific actions based on specific requirements.

Connector Data Access Admins cannot perform any actions at the Instance level.

Below is a sample screenshot to show a connector-level setting:

Data Access Audit

The Data Access Audit displays the audit trail of any actions taken within the Data Access module, including additions, updates, and deletions. The application captures fields such as the timestamp of the action, the specific user who performed the action, and a brief description of the action. The tabs change dynamically based on the selected server instance of the source system.

Below is a sample screenshot to show the Data Access Audit:

Data Access Reports

Displays a consolidated access report for the selected user/service account. It includes all associated objects such as roles, groups, databases, schemas, tables, folders, reports, and other relevant assets within the selected instance, along with the connector and permissions fetched during the crawl.

Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA