User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Governance Roles

Governance roles represent the different action sets available on particular entities for a specific access level. In other words, they aggregate the access levels in ONE that can be later assigned to users or groups. For more information about access levels, see Access Levels.

Governance roles can be assigned to either a user or an identity provider role. Both types of roles are essential for regulating access for groups. For more information, see Groups.

Overview

To see the existing governance roles, go to Global Settings > Governance Roles.

Only users with the ONE Administrator role can manage governance roles.
Governance roles listing

To view the full configuration of a role, select the role name. On the role details screen, the following tabs are available for each role:

  • Overview: Provides the description, general information, and the full access level configuration of the role.

  • History: Lists all changes made to the governance role.

To view an earlier version of the role configuration, select the version from the History tab. This opens the role Overview tab showing the configuration for that particular version.

Governance role History tab

Default governance roles

By default, the following governance roles are configured in ONE:

Default governance role Description Assigned to new groups

ONE Administrator

ONE admin changes the application model and settings, manages group hierarchy, and creates new entity types. They make sure the overall consistency of the metadata model is preserved.

ONE admins have full access to all system management features of ONE including access management.

No

ONE Operator

ONE operators can perform actions on all data assets that change the ONE workflows. For example, ONE operators can manage synchronization with Keycloak and the lifecycle of assets, track data quality, create reports.

ONE operators cannot modify the application model and settings nor access the assets.

No

Data Owner

Data owners define the data quality requirements of a specific department, division, or data domain.

They work with a team of ONE operators and other roles to ensure the data governance criteria are met. Data owners are usually senior business managers.

Yes

Data Consumers

Data Consumers work with metadata only when they browse Ataccama ONE. They are business or technical users with limited knowledge of data management.

They can view metadata but are not allowed to view actual data values.

Yes

Data Steward

Data Stewards work with both technical assets, like tables, fields, files, systems, and models, and business assets, like business terms, acronyms, KPIs, and reports. They manage the life cycle of assets, track data quality, and create reports for data owners.

Yes

Default entities and their access levels

The following table shows the default configuration of access levels on default entities for each governance role in ONE. For more information about access levels, see Access Levels.

When you create a new governance role or entity, no access levels are assigned by default. We recommend assigning access levels as soon as possible as otherwise access remains unrestricted.

Until the access level is assigned, the following warning is displayed:

Assign access warning
Entity Entity description ONE Administrator One Operator Data Owner Data Consumer Data Steward

System

The level of access to the System entity governs whether a role can draft changes in the metadata model. However, to apply the changes you must also have the MMM_admin identity provider role, which is attached to the ONE Administrator role by default.

Full access

Operate access

View metadata access

View metadata access

View metadata access

User Management

The level of access to the User Management entity determines the actions a role is able to perform as related to the User and Access Management features.

Full access

Operate Access

Editing Access

View metadata access

View metadata access

Connection

Child entity of the Source entity. Defines a data source connection.

View metadata access

View metadata access

Full access

View metadata access

Full access

Rule

Identifies catalog item attributes to which a specific business term should be applied. Evaluates the data quality of catalog items and their attributes.

For more information, see Detection and DQ Evaluation Rules.

View metadata access

View metadata access

Full access

View metadata access

Full access

Term

Terms enable further analysis of data, as evaluation and quality checks operate on the basis of expected values of specified terms.

For more information, see Data Quality.

View metadata access

View metadata access

Full access

View metadata access

Full access

Post Processing Result File

Access to result files of post-processing plans.

For more information, see Monitoring Project Results, Reports, and Notifications, section Export and post-processing plans.

View metadata access

View metadata access

View metadata access

View metadata access

View metadata access

Component

Components are ONE Desktop files that can be used for three possible data processing steps:

  • Post-processing components: Used for any kind of post-processing actions on the data in accordance with the defined rules.

  • Transformation components: Used for automatic transformation of the data according to the set rule (for example, unified gender marks as "M" and "F" where other forms will be transformed to these).

  • Validation components: Used for checking whether the loaded data meets data quality requirements, and for sending notifications or identifying the values that do not.

View metadata access

View metadata access

Full access

View metadata access

Full access

Catalog Item

Entity that defines assets in the Data Catalog. For more information, see Catalog Items.

View metadata access

View metadata access

Full access

View metadata access

Full access

Location

Child entity of the Source entity. Defines the location of a data source.

View metadata access

View metadata access

Full access

View metadata access

Full access

Folder

Defines the workspace folder of virtual catalog items in the data catalog.

View metadata access

View metadata access

Full access

View metadata access

Full access

Source

Entity that describes the source of catalog items in the application. ONE can work with data from a number of sources.

After a data source has been added, data and metadata from this source can be imported and consequently cataloged and profiled, as well as monitored for data quality.

View metadata access

View metadata access

Full access

View metadata access

Full access

Policy Condition Setting

When you user assigns policies, the conditions on the application work are set.

These conditions have a "do when" format: "do something when something happens". Policy Condition Settings screen configures the timing for the action (the "when" part). In other words, it specifies where to look for particular values when evaluating conditions on certain entities.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Lookup Item

Entity that allows you to use reference data in ONE. They provide a list of predefined values for an attribute, and can be used both in DQ evaluation rules and detection rules.

For more information, see Lookup Items.

View metadata access

View metadata access

Full access

View metadata access

Full access

Value Lists

A list of values aggregates referenced and enumerated lists of values you can assign to entities. Currently, there are two default lists: Deployments and Data Instances. Once you add a value list, you can configure it as needed.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Monitoring Project

Used to evaluate the data quality of selected catalog items and monitor it over time.

Data is evaluated in accordance with the DQ rules applied to the selected items, automatic anomaly detection, and structure checks.

For more information, see Monitoring Projects.

View data access

View metadata access

Full access

View metadata access

Full access

Policy

Entity that defines policies. The level of access to this entity determines whether you can create and manage policies in ONE.

View metadata access

View metadata access

Full access

View metadata access

Full access

Regulation

Entity that can be used to organize policies under a specified regulation. Regulations are a single-level aggregation framework for policies (this means you cannot have regulations within regulations).

View metadata access

View metadata access

Full access

View metadata access

Full access

Category

Entity that can be used to organize policies in a specified category. Categories are a multilevel aggregation framework for policies (this means you can store categories within categories).

View metadata access

View metadata access

Full access

View metadata access

Full access

Catalog Configuration

Entity that defines various configuration options within the Data Catalog. Additionally, Full and Edit access level to this entity enables you to create SQL catalog items.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Profiler Configuration

Enables you to Configure Profiling.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

DQ Configuration

Entity that defines the level of access to various configuration options related to Data Quality features.

Full access

View metadata access

Full access

View metadata access

Full access

Web App Configuration

The level of access to this entity determines whether a role can make changes to the layout, color palette, and navigation of ONE. For more information, see the following topics:

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Slack Configuration

The level of access to this entity determines whether a role can configure the Slack Integration with ONE.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Data Export Project

The level of access to this entity determines whether a role can use the Data Export feature.

View metadata access

View metadata access

Full access

View metadata access

Full access

Notification Configuration

The level of access to this entity determines whether a role can configure the MS Teams Integration with ONE.

Full access

View metadata access

View metadata access

View metadata access

View metadata access

Dmm Configuration

The level of access to this entity defines the actions a role can perform as related to ONE Data.

Unassigned

Unassigned

Unassigned

Unassigned

Unassigned

Csp Configuration

The level of access to this entity defines the actions a role can perform as related to Content Security Policy Configuration.

Full access

View data access

View data access

View data access

View data access

Reconciliation Project

The level of access to this entity defines the actions a role can perform as related to data reconciliation.

View metadata access

View metadata access

Full access

View metadata access

Full access

Landing Page

The level of access to this entity defines the actions a role can perform as related to the ONE home page features.

For more information, see The Home Page.

Unassigned

Unassigned

Unassigned

Unassigned

Unassigned

Dq Firewall

The level of access to this entity determines whether a role can configure the DQ firewall features.

Unassigned

Unassigned

Unassigned

Unassigned

Unassigned

Create or edit governance roles

To create a new role or edit an existing one, do the following:

  1. Go to Global Settings > Governance Roles and continue with one of the options:

    • To add a new role, select Create.

    • To modify an existing role, select the role and then Edit.

  2. Specify the following information:

    • Name: Meaningful name for the role.

    • Description (optional): Description of the role purpose.

    • Assign to new groups (optional): Select to automatically add this role to the list of the prefilled roles in newly created groups. For more information, see Groups.

    • Order: Specify the position of the governance role on the stewardship widget. Roles with a lower number are displayed first. We recommend setting the order of your roles based on seniority and corresponding levels of access.

      Governance roles general information
  3. Specify the access level on entities following these steps:

    If no access level is specified, we recommend assigning one as soon as possible.
    1. Search for the entity that the role should have access to.

    2. In the three dots menu next to the entity name select the appropriate access level.

      Assign access levels
  4. Select Save and Publish.

Remove governance roles

When you delete a governance role, users with this role are automatically removed from the groups.

To delete a governance role:

  1. Go to Global Settings > Governance Roles.

  2. Do one of the following:

    • Select one or more roles and then Delete.

      Delete governance roles
    • Open the role details and in the three dots menu select Delete.

Was this page useful?