Quick links:

[bok-callout]Role & Role Type

Roles provide users permissions on a given resource (asset, domain, community) or software modules in general. Role Types define classes of permissions that can be assigned to a user or group.

We distinguish between Resource Roles and Global Roles.

• Resource roles give apply to resources (assets, communities, domains). They are inherited by child resources down the tree.
• Global roles apply to DGC product modules, views, workflows, and snapshot compares.

For example,

• the ‘Glossary’ global role gives a user assigned to the role ‘global permissions’ to the Business Glossary module and to create views, but nothing else.
• the ‘SysAdmin’ global role confers ‘global permissions’ to all views and workflow management, but no product rights.
• the ‘Admin’ resource role gives all ‘resource permissions’ to assets, communities or domains.

[/bok-callout]

For more on the related tool functionality we refer to the Admin Guide’s section on Managing Users, Roles, Permissions.

Resource Role Types

The software is packaged with a basic set of Resource Role Types as shown below. You can add your own Resource Role Types as explained in the Admin Guide section on Managing Users, Roles, Permissions.

Apart from its name, a Resource Role is defined by the following two:

1. edit permissions that set for each Resource Role what they can add/edit/remove in the user interface;
2. workflows that define in terms of lanes he tasks to be done by a specific Resource Role.

Following is a screenshot of the window to set the edit permissions. The tree is partly collapsed. The edit permissions Role “Admin” are total, while for  “Steward” and “Subject Matter Expert” these are partial. The Role “Stakeholder” has basically no permissions.

Following table summarizes the edit permissions per resource role, and show how they map to the standard RACI roles (see e.g., Wikipedia for a common description).

In the following sections, we describe the most important Resource Role Types in terms of their edit permissions and workflow tasks.

Admin

The Role Type “Admin” is typically assigned to Users on the Community level. The Role Type is often renamed to “Chief Steward” or “Community Steward”.

In RACI responsibility assignment matrix terms, the “Admin” Role corresponds to the “A”, i.e. accountable. According to Wikipedia, The accountable is “the one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. In other words, an accountable must sign off (approve) on work that responsible provides.”

Therefore, a User with the Role “Admin” has basically all permissions within the community he/she is “Admin for. This includes:

• create/edit/remove sub-communities;
• create/edit/remove domains;
• create/edit/remove assets;
• create/edit/remove attributes and relations;
• create/edit/remove comments;
• create/edit/remove attachments;
• assign roles to users;
• start/stop workflows and reassign tasks.

Steward

The Role Type “Steward” is typically assigned to Users on the Domain or Asset level, depending on the range of Assets you want him/her to have the permissions for. In some cases, you may want to assign “Steward” Role to individual Assets. In other cases, “Steward” Roles are assigned to users for a complete Domain or even Community.

In the RACI responsibility assignment matrix terms, the “Steward” Role corresponds to the “R”, i.e. responsible. According to Wikipedia, The responsible are “those who do the work to achieve the task. There is at least one role with a participation type of responsible, although others can be delegated to assist in the work required”.

Hence, a User with the Role “Steward” has only partial permissions within the community/domain/asset he/she is “Steward” for. This typically includes:

• create/edit/remove assets;
• create/edit/remove attributes and relations;
• create/edit/remove comments;
• create/edit/remove attachments;
• start/stop workflows and reassign tasks.

This typically does NOT include:

• create/edit/remove sub-communities;
• create/edit/remove domains;
• assign roles to users.

Subject Matter Expert

The Role Type “Subject Matter Expert” (“SME”) is typically assigned to Users on the Domain or Asset level, depending on the range of Assets you want him/her to have the permissions for. In some cases, you may want to assign “SME” Role to individual Assets. In other cases, “SME” Roles are assigned to users for a complete Domain or even Community.

In the RACI responsibility assignment matrix terms, the “SME” Role corresponds to the “C”, i.e. consulted. According to Wikipedia, The consulted are “those whose opinions are sought; and with whom there is two-way communication”.

Hence, a User with the Role “SME” has very limited editing permissions within the community/domain/asset he/she is “SME” for. This typically includes:

• create/edit/remove attributes and relations;
• create/edit/remove comments;

This typically does NOT include:

• create/edit/remove sub-communities;
• create/edit/remove domains;
• create/edit/remove assets;
• create/edit/remove attachments;
• assign roles to users;
• start/stop workflows and reassign tasks.

Stakeholder

The Role Type “Stakeholder” is typically assigned to Users on the Domain or Asset level, depending on the range of Assets you want him/her to have the permissions for. In some cases, you may want to assign “Stakeholder” Role to individual Assets. In other cases, “Stakeholder” Roles are assigned to users for a complete Domain or even Community.

In the RACI responsibility assignment matrix terms, the “Stakeholder” Role corresponds to the “I”, i.e. informed. According to Wikipedia, The informed are “those who are kept up-to-date on progress, often only on completion of the task or deliverable; and with whom there is just one-way communication”.

Hence, a User with the Role “Stakeholder” has no editing permissions at all. He/she can only edit or provide comments when they are prompted for in a task as, e.g., in the Approval workflow.

Global Roles

The software comes packaged with 4 basic Global Role Types as shown below. You can add your own Global Role Types as explained in the Admin Guide section on Managing Users, Roles, Permissions.

A Global Role is defined by the global permissions. Following is a screenshot of the window to set the global permissions.

DataSteward

The user assigned this global role is allowed to:

1. access all Data Stewardship Manager functionalities and workflows including policy and rule management and issue handling.
2. define and manage asset types Policies, Rules and Issues.

Glossary

The user assigned this global role is allowed to:

1. access all Business Semantics Glossary functionalities and workflows concerning business term proposal and approval, data element usage, structure and glossary alignment.
2. define and manage asset types (and sub-types) such as Business Asset, Data Structure, Data Element and Technology Asset.
3. define and manage complex relation types such as Field Mapping.

ReferenceData

The user assigned this global role is allowed to:

1. access all Reference Data Accelerator functionalities and workflows concerning code proposal and approval, and code mapping.
2. define and manage asset types (and sub-types) such as Crosswalk, Code Value and Code Set.
3. define and manage complex relation types such as Code Mapping.

SysAdmin

The user assigned this global role is allowed to:

1. access all Settings Pane functionalities.
2. define and manage every part of the operating model.