Versions Compared

Old Version 28

changes.mady.by.user Mark Fitzpatrick

Saved on

compared with

New Version 29

changes.mady.by.user Mark Fitzpatrick

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Governance refers to Data Governance in MDM.

...

Operation ACLs are not part of zone data governance. Operational ACLs set policies that set forth for a given data domain version:

  • What zone can or can't  POST or DELETE  data records (DRs). 
  • What adaptors or can't  POST or DELETE  data records (DRs).

There is a single system-wide chain for Operational ACLs that is controlled by the DGS.  By default all zones and adaptors can POST and DELETE data records but POST and DELETE polices for data records can be controlled by the DGS.

Operational ACL policies can be on the following:

...

The image below represents an example of MDM domain-related permissions and operational, outbound, and inbound ACLs (traveling left to right). Additional text below the image describes the process in addition to the embedded in-image textthe components involved as a data event is detected at an adaptor and flows through the YOUnite ecosystem.

TODO: Simplify this

  • On the diagram's left side is a source zone’s single Source Adaptor (abcd-1234) that sends data changes events (data records) in its domain(s) to the router.
    • Note: A zone can have many adaptors.
  • The data records sent from the source adaptor to the router have Operational ACL applied to them. Operational ACL limits which data operations are allowed (create/delete YOUnite Data Records)  from the source zone’s adaptor(s) and adaptor domain(s) and are defined by the zone's DGS.
  • Next, the data records from the source zone’s domains/adaptors are linked to YOUnite Data Records to avoid data record duplication. 
    • Note: The data records published by the source adaptor could be updates, deletes, or new records.
  • Outbound ACLs then get applied to the source adaptor’s data records. The Outbound ACLs are defined by the source zone’s ZDS and define what data the Zone can send out (i.e .restricting data, or elements of data, of certain domains from flowing out of certain adaptors in the zone to other zones).
  • After Outbound ACLs are applied the data records are published to the YOUnite Data Hub Router and subscribing/desitnation zones and their adaptors (on the diagram's right side) are notified of the updated data.
  • Any destination zone that has subscribed to data records from the source zone has Destination zones have Inbound ACLs in place to define which data operations are allowed in the from source zone zones and its their adaptor(s). Inbound ACL is defined by the destination zone’s ZDS. Any data or operations that are configured to be ignored restricted are filtered out. The Destination Adaptor (zyxw-9876) in the image above is shown receiving data records and/or operations it has subscribed to, as filtered by its zone’s Inbound ACL.