Ontology attribute level profiling

Owned by DevPortal Editor (Unlicensed)
13/09/21
3 min read

ES | EN

Disponible desde versión 2.2.0-hyperblast

Introduction

This functionality contributes to Platform’s Data Governance capabilities allowing setting custom permission to data stored in the same ontology for a user or role.

In this way, as an example we could say that certain role only has access to the data of an ontology whose STATUS attribute is PUBLISHED, or whose REGION attribute is CENTER, or that a certain user can only access data belonging to a certain COMPANY, defined in an attribute of the ontology.

How to use?

This security level is configured in a new DATA ACCESS SETTINGS section that appears in the Ontology management. Once the ontology has been registered, you can access the indicated tab:

User-level and role-level restrictions may be included within Realm.

  • For users, the restriction can be build and will be applied to all the queries made over the ontology (in SQL language). It can be applied to all the attributes deemed necessary by adding the OR and AND connectors:

The query will be build as you enter attributes and their values:

It will be built adding the new condition to the previous one entered (depending on the AND or OR control). These restrictions per user will be shown in the table on the right:

In case of wanting to remove a restriction, just click on the Remove button. The rule is editable for more complex restrictions. Once the modifications have been introduced, click on the Update next to it for the changes to take effect.

If you want to define restrictions for more users, just select users and add them the same way:

There will only be one restriction per user and ontology, so all conditions will have to be entered in the same rule (even if they apply to different attributes).

  • When the user queries the ontology (Restaurants in the example), the restrictions will be applied transparently:

 

  • This functionality also allows applying restrictions at Realm’s role level.

To do this, the Realm will be selected and then the role within it to which the restrictions will be applied.

The restriction will appear in the list, associated with the role of the selected realm:

Restrictions can be added to different Realm’s Roles, composing them in a similar way to the user (as seen above). If you want to remove them, the Remove control will be used and also they will be editable and updatable using the Update button.

Once introduced, these restrictions will be applied to all users associated with the Realm’s Role that has been selected for the restriction.

  • These two levels of restrictions can be combined, allowing greater granularity of access level. In addition, these restrictions can be applied to all the ontologies desired, being able to combine them in complex queries that perform JOIN, UNION, ...