Data360 Govern

Case:

What we often experience in discussions with business units or specific domains that a lot of their data definitions may be visible for all users but that about 20% of this data is too sensitive to be published to all.

Examples:

- "Third Parties/Suppliers" may be visible for all, but the underlying contracts with prices for example are confidential.

- certain "Controls" are commonly known and may be distributed to all users, but some controls are specially designed to catch people who commit fraude.  Those controls, we don't want to publish to all in order to not give the opportunity to investigate how to avoid the control.

- ...

Issue:

We see that this 80-20 rule is often blocking us to convince users to put their data in Govern.  Why would they put 80% of the data in Govern if they have to keep their Excel file for the other 20%???

Proposal:

Add a functionality to "hide" an asset by default for all users.  Read access needs to be given by adding a specific role.

If such a solution exists already within Govern, I would be delighted to learn how to configure it.  I found one 'dirty' workaround but I would like to put something sustainable in place.

Thanks!

Steve Selleslagh

Hi Steve,

Currently in Govern, regular (non-Admin) users have read permission on assets by by default and Admin users have all permissions by default. An enhancement request would be need to be raised for Product Management to assess the requested change.

You do not detail what you mean by the 'dirty' workaround.

However, the Responsibilities functionality may provide one solution you could implement to provide the equivalent of having the default user permissions not grant read access on assets.

You can set up responsibility rules for assets with no read permission and assign them to a group. You can then set the group to sync with your AD so you can just leverage groups in AD instead of having to put the users in a group in Govern. You can then put the users you want to have read permission to the asset in another group and have responsibility rules for that that which grant read (and other permissions) to the members of this second group.

<x-zendesk-user data-user-name="Adrian Williams">366746295667</x-zendesk-user> <x-zendesk-user data-user-name="Adrian Williams">372861906753</x-zendesk-user> is there a way to hide an asset group by default, so only groups granted read access would have it? or is that the scenario you are stating would require an enhancement? this exact business case came up on a discussion today.

There is no mechanism to have read permissions denied by default in Govern. All users have read permission by default on all assets. Yes, an enhancement to the product would be required to deny read access by default.

An enhancement request has been raised for this product change. Ref. GOV-15702

Thank you