Metadata Tool administration Security

A good metadata tool will have standard open framework to be used for metadata administration and management. This will allow an open architecture BI tool to manage metadata through its own administration module. A standard open management framework allows different components in a BI environment (you may have Metadata tool and ETL tool from different vendors) to manage through a single console, if all of them follow open frameworks.

An open framework metadata tool will have plug-ins for managing different components of metadata. These plug-ins can be used by other open framework tools to manage metadata through their administration module. Here are some examples of the plug-ins and possible features:

Metadata Management:

• Controls metadata server(s) at physical level
• Creates and manages metadata repositories at logical level
• Manages resource templates for metadata structure and modeling
• Offers change management interfaces like versioning management, change impact analysis (showing all the metadata components which will be impacted if you change a specific component)
• Provides import/export interfaces.

Server Management:

• Enable you to define and configure metadata servers and connections
• Uses prototypes and definitions of attributes needed for each type of server
• Generates run-time visuals based on prototypes
• Provides easy and extensible definitions.

User and Authorization Management:

• Define and manage users
• Create access controls and permissions, that define which users can perform which actions on which resources

Scheduling

• A Metadata tool should be able to work with independent scheduling tools

NOTE- Support provided for user-written plug-ins to handle specialized or site-specific administrative tasks.

Metadata Authorization and Security

• It should be possible to define the access privileges at user, work-group, project and enterprise level.
• Create access controls and associate controls with metadata objects that describe computing resources.
• One should be able to Control:
• Who can update specific metadata objects
• Who can read and write metadata objects in a repository
• One should be able to query the access controls for authorization decisions.
• Tool should allows extension of access controls to related metadata objects through inheritance: This means that if you are defining an access privilege for a parent metadata object the same will automatically be extended to the child object. This is similar to having a sub-folder inheriting the access privileges as its parent folder.
• The product should be able to support the standard DBMS privileges (like roles, accounts and views?).
• The tools should be able to use single sign-on authentication (e.g. LDAP).