DMC Guideline #1017: Access to Enterprise Data Warehouse Data by Applications


Overview

Data Management Committee
Policy Guideline Document:
Document #: 1017

Purpose: This statement establishes guidelines for managing access to Enterprise Data Warehouse (EDW) data by applications.
Applies To: Applications that consume EDW data.
Issued By: Data Management Committee
Administered By: Data custodians, application teams, UW-IT.

Problem Statement

Data security standards and access privileges are implemented for access to EDW data by people. This guideline defines the technical implementation for EDW access by applications, adhering to the same UW data security standards.

Recommendations

  1. Applications access EDW data through the security metadata layer, or “DAC security views”.
  2. After obtaining the UW NetID service account, request access to the EDW, as described at: https://it.uw.edu/guides/enterprise-data-at-the-uw/request-permission-and-access-data/application-system-form/.
  3. The preferred naming standard for UW NetID service accounts is “a_[team OR system name]_edw_[access OR extract]”, example a_opb_edw_access.
  4. The UW NetID service account is assigned a EDW ASTRA security role. It is the responsibility of the system owner to self-select an appropriate role and submit to dmc-support@uw.edu for custodian approval. DMC support personnel will administer account in ASTRA upon approval. EDW ASTRA security roles can be reviewed at https://uwconnect.uw.edu/it?id=kb_article_view&sysparm_article=KB0034995.
  5. Applications must use an SSL encrypted connection.

Additional Considerations

  1. Because DAC security views are not access method specific, a variety of access methods are acceptable. These include but are not limited to SQL Server Integration Services (SSIS), OLEDB connections, and ODBC connections. (Note: Business Intelligence tools, such as Microsoft Reporting Services, are discouraged for high-volume extracts.)
  2. The Data Management Committee (DMC) discourages data extracts into local, redundant data repositories (https://drive.google.com/file/d/1ZL0DGCeYJEE-AFJJbjTy3TBUtRaioZM5/view). Therefore, application teams with the intent of extracting data from EDW for local storage must request a DMC exemption by submitting a written request to dmc-support@uw.edu.
  3. For EDW data extracts, the application team is responsible for scheduling and implementing the extract with the Decision Support Services team by contacting edw-help@uw.edu. EDW data extracts must be “pulls”; pushing data is not supported by Decision Support Services.
  4. Service levels will be reviewed with Decision Support Services upon implementation.

Exceptions

Exemptions from this policy will be reviewed by the Data Management Committee as they occur.

Original Policy Guideline PDF

https://drive.google.com/file/d/1hUGGtDyrpoh5o0KFqaWMcG_6PCCD6leZ/view