Truedat can be used to document grants given to users to access data structures. In order to achieve it, a customized integration needs ot be in place to include this information using Truedat's API.
Using the application side menu, you will have two views available: "My Grants" and "List of Grants".
In this view users will have a complete list of all structures to which access have been granted to them. This will include structures to which the grant have been provided and any other structure inheriting this grant.
Any user with permission to view grants will have this view available. In this view all grants will be listed for review. Users will be able to apply filters by structure type, system and domain.
Our data catalog may be used to manage our user requests to access data (grant requests). This is done using a "shopping cart" where users will include the structures to which access is being requested.
Users can request access to a data structure for themselves but also for other users. In order to do so, the requester will need to have the permission "Create grant request for third parties" and the requestee, will need the permission "Allow grant requests from third parties".
Template: To activate this feature at least one template needs to be created in the "Grant request" scope. This template will define the information the user needs to complete when requesting access to the data. More than one type of templates can be created in case you need different forms.
Permissions: Provide permission "Approve grant request" to all roles that need to approve these requests.
Once this configuration has been created users will have the option to add structures to their cart and checkout the request, completing the data that have been setup before.
In the Data Catalog, go to the structure you need access to and click on
and this will add this structure to your shopping cart. You can add as many structures as needed and the check out which will register your request.
Click on the Grant Request button
Once you have added all the structures to the cart, click on Checkout
Complete the information required and click on Save
This is a view for all the users in which you will get a list with all the requests that you have created and their current status. You will be able to filter by status and order by last updated.
Clicking on a grant request you will navigate to the detailed view in which you will be able to see who has approved/rejected and which role is pending to reply this request.
In case that you have a role with permissions to approve/reject grant requests you will have this view. In this view, a list of all pending requests that you can approve will be displayed. You will be able to access the grant details, review them and approve/reject with the corresponding role. If the grant request is rejected, the user who made the request will be notified in the notification system in Truedat and by email.
Grant requests can be automatically approved or rejected if they meet certain criteria. A user with permission to approve/reject grants can set up rules that will be checked when the grant request is submitted for approval and will determine whether they can be automatically approved or rejected or they have to go through the manual approval workflow.
In order to create a rule to to "Grants" menu to the option "Approval Rules" and click on the "New Rule" button. The following information is required to create a rule:
- Name of the rule
- Domain where this rule is to be applied
- Role for which the approval/rejection will be automated
- Action to be taken if the rule is met: approve or reject
- Comment (optional)
- Conditions to be checked to determine whether the request can be automatically approved/rejected. It will validate if a field is (or is not) equal to a certain value. This field can be a field from the request details, from the structure's note or from the structure's technical metadata.
- Context: Request metadata / Structure's note /Structure's metadata
- Field: you must type the exact name of the field
- Operator: is equal to / is not equal to
- Value: value of the field
If you have been given access to an structure but you would like to request it to be removed, you can register this request. Also, a user with the new permission “Request grant removal” can request the removal of another user’s access rights. These requests then will be sent to a third party system for the actual removal which will require integration via APIs with that system.
For your own access, you can go to My Grants and from there navigate to the structure on the Data Catalog. Clicking on the icon you will see the option to "Request grant removal".
After the confirmation screen the icon will change to red
to indicate that the access removal has been requested. It is possible to undo this request before it has been actioned by clicking on the icon again where you are given the option to "Cancel grant removal".
If you have permission to request the removal of other user's access, you can do it from the Data Catalog in the Grants tab where you will see all the accesses granted to the structure and by clicking on the red cross you will request the access removal. In this same page you can undo this action by clicking on the round arrow.
It is possible to search for those grants that have been requested to be removed, just filter by “Pending removal” in the Grants and My Grants views.
Once the access has been removed by the external system, through an API the grant expiration date will be updated in Truedat to reflect that the access is no longer granted.
Once you have been granted access to a data structure, if you need to edit the grant, you will have to make a request to modify the grant and this request will go through the same approval workflow as new grant requests.
In the Data Catalog, go to the relevant structure, click on the Grants button
and select "Request grant change".
In case that there is a requirement to integrate this process with the source systems a custom integration needs to be developed according to the installation requirements and architecture.