Security: Access Management
Protect data responsibly while empowering your users.
Good data-warehouse architecture delivers a single reporting platform and a single point of entry into an organized repository of the organization’s data. That architecture allows privileged system users to control and monitor access to pieces of the EDW on the individual data-mart level.
Best practices made simple
Health Catalyst follows four guiding principles for security and access:
- Partner data owners with data architects to design and implement the appropriate level of security.
- Give as much read-only access as possible, but closely monitor the usage.
- Use views to limit end-user exposure to sensitive columns, like Social Security Numbers.
- Manage access through data stewardship.
Data stewardship through knowledge experts
System administrators can designate data stewards – knowledge experts in a particular data mart – as the data mart’s primary owner. Their authority allows them to:
- Approve, disapprove, or revoke access to a data mart or dashboard
- Evaluate and improve data quality
- Monitor how users navigate the data mart and generate reports
Privileges by group
EDW users typically fall under the following three levels of access. Privileges can be tied to Active Directory or other Windows authentication services.
Tier 1: Basic user
Basic users can browse data mart information in Atlas but cannot modify data marts or configurations.
Tier 2: Data steward
Data stewards control which users can access which data marts.
Tier 3: System administrator
According to local security policies, system administrators:
- Have full access to EDW configuration tables
- Manage user access to the EDW and its specific data marts
