Extend Data Access Management to Domain Experts
After companies have taken the first steps in solving their organizations’ data access challenges, a new problem arises with scale. Consider this scenario: You’re a system administrator for the IT department at a large corporation and your company has recently invested in a product to help solve your company’s data access problems. At first, you onboard the data and manage access for one team. Slowly over the months of using this product, more requests come in to expand usage to other teams. You and your team have little context on what data is relevant or should be protected for each individual team which makes the process of granting access to end users difficult. Meanwhile, the stack of requests from various teams gets higher and higher.
Consider an alternative scenario: You’re the director of a company’s marketing department. Your company has recently invested in a product to solve your company’s data access problems. While other departments have already onboarded to using the system, your team is just now onboarding. You know exactly which data your analysts, marketers, and CRMs on various teams need to have access to and what data should be protected. However, this is frustrating for you because it’s difficult to convey the importance of certain data to your IT department who is currently tasked with handling all data access control for your company. You just wish you could do it yourself and have the control in your hands.
These scenarios represent two sides to the same problem of scaling data access control, which is where distributed stewardship comes into play. Individuals within organizations who want to manage access control for their area of responsibility don’t hold the power to do so and individuals who hold all of the access control responsibilities lack the context and time to make the right decisions. If only we could put this responsibility back into the right hands and empower individuals to focus on their strengths so that the company can thrive.
So What is Distributed Stewardship?
Distributed stewardship represents the process of delegating data access management responsibilities to the right people. With Okera, we use ownership privileges to grant access over a database or area to an individual who is more familiar with the team’s needs. So in the example above, The system administrator on your company’s IT team would grant the marketing director ownership of the marketing database which contains all data relevant to the marketing team. This way the system administrator can step in and give support if needed for more complex access permissions but the marketing director is the key owner for ensuring that access to end users on the team meets the company’s data governance standards and compliance requirements while still getting quick access to the data they need to do their jobs.
Role Templates Extend Distributed Stewardship
What if we could simplify the original scenario even more? Okera has recently built a new feature called “Role Templates.” which showcases a variety of best practices. Okera roles such as a data steward and data custodian can be empowered to delegate administration while allowing customization based on specific customer use cases. While we still recommend the traditional approach for creating roles for data consumers, these templates will simplify the decision making process when deciding on more distributed ownership roles.
With Okera, instead of IT controlling administrative actions, they can leverage the role templates feature and grant the marketing director ownership over the marketing domain by using the ‘Data Steward Template’ as shown below.
Once the marketing director is provisioned access, they can then begin granting their marketing team access to the right data with the right restrictions. As shown above, the marketing director now has ownership of the mktg_analyst_role.
If you would like to learn more about this new feature please visit our documentation site.