Your organisation within dScribe Catlog consists of three building blocks: Users, Teams and Access Policies. These elements work together to model how people collaborate and interact within dScribe.
Teams
A team is used to link Users to Access Policies. You can create as many teams as you want. They are managed via the Teams tab in our organisation page.
Users
Users can be created in two ways within dScribe:
Manually via the admin portal
Automatically via SSO (preferred)
Go to the admin portal, select the users tab and press the create button.
Creating users via SSO
If configured that way, users that are able to succesfully login via your SSO provider will be created automatically within dScribe (see Enterprise Authentication for more information on how to setup your SSO provider).
Access Policies
Access Policies are used to implement your metadata governance policies in dScribe. They help define who is able to contribute to the documentation of assets and do administration activities and gain access to restricted assets.
Each Access Policy consists of one or more permissions. When an Access Policy is assigned to a team, all users in that team inherit these permissions.
Note that no Access Policy is required for the following activities:
Searching for non-restricted assets
Commenting
Tip
At dScribe, we believe metadata should be as open as possible. While we do not restrict you to make it harder for people to find data, we do suggest to keep your security setup as simple as possible.
There are 3 types of Access Policies:
1. Discovery Policy
1. Discovery Policy
By default, all assets in dScribe are freely discoverable by all users. If you do need to limit the discoverability of select assets, a Discovery Policy can be created. Each Discovery Policy represents one category of restricted assets. For example: 'Highly Sensitive'.
Users who have been assigned the 'Restrict Discovery' permission (see 2. Contribution Policy), will be able to associate assets with Discovery Policies. Users can only associate assets with Discovery Policies that have been assigned to them. Once an assets is associated with a Discovery Policy, it will only be visible to users who have been assigned this Discovery Policy.
Discovery-restricted assets will be indicated via the incognito icon.
Best practice
Broad discoverability of definitions and data support adoption throughout the organisation and increase value for each user. Since no actual data is exposed in any way, it is recommended to keep your usage of Discovery Policies to a minimum.
2. Contribution Policy
2. Contribution Policy
This access policy type is used to define who can contribute in what way to the documentation of assets in dScribe. Several permissions can be granted:
Create: the ability to create new assets.
Edit: the ability to edit the description, Properties and Relations of existing assets.
Delete: the ability to delete an asset.
Restrict Discovery: the ability to associate an asset with one of the existing Discovery Policies, thus restricting the asset's free discoverability in dScribe. Users with this permission can only associate assets with Discovery Policies that have also been assigned to them.
The above permissions can be restricted to a specific context, thus only allowing these actions in the appropriate context. The first restriction is based on Asset Type. If Security Properties have been enabled for the selected Asset Types, these can be used to further specify the context of your permissions. An example restricted context could be: - Asset Type = All Asset Types - Security Property 'Domain' = "Sales"
Good to know
Contribution permissions cannot be restricted on assets with Security Properties to which no value has been assigned yet. In the above example, users will be able to contribute both to assets with Domain = "Sales" and assets with Domain = Unassigned.
3. Organisation Policy
3. Organisation Policy
This access policy type is used to grant access to the admin portal in dScribe. Via the admin portal, various administration activities can be conducted:
Manage Security
Users: the ability to create new and manage existing users. For users synchronised with an Identity Provider (see Enterprise Authentication), certain fields will be locked.
Teams: the ability to create new and manage existing teams. Includes the ability to manage which users are part of which team.
Access Policies: the ability to create new and manage existing access policies. Includes the ability to (un)assign policies to teams.
Impersonation: the ability to impersonate a user to identify authorization issues for this user.
Manage Configuration
Asset types: the ability to organize the representation of properties in sections (per Asset Types). Additionally properties can also be made mandatory.
Properties: the ability to manage custom properties and link them to Asset Types.
Automation: the ability to set up Automations.
Manage Integrations
Sources: the ability to create new and manage existing sources in dScribe. If a connector is available for this source, the appropriate connection details can be added to enable automatic metadata crawling of the source.
Agent: the ability to create an agent allowing to connect to on premise sources
API Keys: the ability to create new or manage existing API Keys, used for custom integrations with dScribe.
View Analytics Dashboard
View Company Usage Dashboard: access to the analytics dashboard, offering insights into the most active dScribe users, the most popular assets & more.