Data Security Model
How to get the Data Security Model to work.
A model providing an overview of the governance, ownership and maintenance of organisation data and the business roles involved. It also provides insight into access control policies.
A model which shows the assignment of a specific data management responsibility (e.g. owner, steward) for a Data Subject or Objects to one or more Business Roles. It also helps the enterprise to define how it will protect one or more resources. Captured Security Policies define how security SHOULD be applied to the specified resources.
Use this to communicate and support Data Management and Governance Initiatives.
This view uses a number of classes such as Data Subject, Data Object, Business Role Type, Information/Data Management Policy, Security Policy
In Open Source/Meta Model, navigate to the Report Constant Class, under EA Support, Essential Viewer, Report Configuration, Report Constant and select the Instance Data Stakeholder Role Type, add/create a stakeholder by adding/selecting a Business Role Type called **Data Stakeholder in the Associated Instances slot. Add/create the business role type in the Is Realised By Roles Slot (either an Individual or Group Business Role**).
Note: For stakeholders which are of an Individual Business Role, you need to add in the
slot, a Business Role Type called “Data Stakeholder” Navigate to EA Class, Business Layer, Business Conceptual, Business Role Type and select “Data Stakeholder”
Navigate to the Info Data Management Policy Class under EA Support, Governance, Policy and define a new Info Data Management Policy by adding/creating the following: Responsible Roles/Actors, Assigned Responsibility ( *Business Role, Individual or Group Business Role*), Responsibility Aspect and the Policy for Info/Data**.
Note:- If the Assigned Responsibility slot is populated with an Individual Business Role, this will be shown on the view accordingly
Navigate to Security Policy under EA Support, Governance, Policy and Security Policy, add/create a security policy, give it a name and add its CRUD in the Policy for Action Slot (NB you will need to define a policy for each Create, Read, Update and Delete. Add/create the Policy Applies to Resources (Data Object which you previously created/selected for the Policy for Info/Data slot).
NB Link a Data Subject to the Data Object if you already have not done so, add the Policy Actor you defined against the Report Constant. Capture the Policy for Security Capability.
If the report is not enabled then go to EA Support > Essential Viewer > Report and find Core:Data Security Model and tick Enabled to ensure you that the Data Security Model is displayed in the Essential Viewer
Updated 31 October 2023