After you configure your user authentication for the InfoSphere®
MDM
implementation, you then can control which users and applications have access to your
data.
About this task
Depending on how you authorize access to data, you can
later audit access with the InfoSphere
MDM audit
and logging tools.
Procedure
- If you have not already, design a classification system
for your data.
Your plan works in concert with the user
authentication system that you set up separately. In particular, think
of the people and applications that might handle your data: data owners,
data stewards (custodians), and data users (business analysts, data
scientists, report users, and so forth).
- Control data visibility and access with data level entitlements
that are set through the rules of visibility. You can also control
data access with record-level authorization that is provided by access
tokens. You must examine your custom applications and modifications
in addition to the provided InfoSphere
MDM functionality.
- For InfoSphere
MDM web
applications, verify that the access remains secure in these ways:
- Resource level (URL, page) that can be configured through the
deployment descriptor
- Data level (field on page) that can be implemented in these modes:
- Reactive mode
- When users edit data, only upon submit, the operational server
tells users that they do not have access to the field. When users
read data, users see a blank value for the field because the operational
server does not allow users to see it.
- All physical MDM web applications are all implemented in this
way.
- Proactive mode
- When users edit or view data, the web application pre-checks the user authority and does not
even show the fields to users.
- For the application server and its web services, see its
documentation about trusted communication, authentication, and access
control.