
Roles

The second step to implement the organization's governance model in Anjana Data is to establish the definition of governance roles.

A role is the mechanism through which responsibilities and action capabilities are assigned to platform users, determining what actions they can perform on the different objects and in what scopes (data domains or transversally). Roles therefore allow the data governance model defined by the organization to be made operational.

Each governance role also acts as the basis for the authorization mechanisms, since in combination with the organizational units (data domains) it establishes which users can perform which functions on the associated assets.

Roles can be configured in two ways:

  • Vertical roles: apply only to a specific data domain. Each organizational unit will have its own users with that role.

  • Cross roles: apply globally across all data domains in the organization, with the same permissions in each of them.

Once the roles are defined, names and descriptions must be assigned in accordance with the organization's governance model, ensuring they are aligned with the official terminology of its data governance framework (e.g. Data Owner, Data Steward, Data Custodian).

Important note: roles by themselves do not define actions. For a role to be operational it is necessary to associate a permissions package (table Permissions) that determines the operations it can perform on the different object types and modules of the platform.

In Anjana Data, roles are configured in the Roles table of the Configuration Panel and are subsequently available in the permissions assignment screen (Permissions), in the assignment of users to roles (User-OU-Roles) and in the workflow configuration (BPM).

The Roles Table in the Configuration Panel (Administrator view)

Roles are configured in the Roles table of the Configuration Panel. Defining roles is an essential prerequisite for configuring permissions (managed in the Permissions table) and authorization, i.e., the assignment of roles to users within specific organizational units, which is managed in the User-Ou-Roles table.

Structure of the Roles table

Each registered role is characterized by the following fields:

  • id: unique identifier of the role.

    • Automatically assigned based on database sequences.

  • module: module the role belongs to. Currently this is an informational (legacy) field inherited from older versions.

    • Possible values:

      • "BG" → Business Glossary

      • "DC" → Data Catalog

      • "ALL" → applies to the entire platform (recommended option).

  • name: name assigned to the role.

    • This value must be unique: two roles cannot be configured with the same name.

    • The name must not contain characters that match the organizational unit separator (/), to avoid conflicts in authorization.

    • Additionally, it can be translated into the different application languages using ROLE.<name> as the translation key in the Translations table.

  • description: textual description of the role.

    • Informational field for documenting the functions or responsibilities assumed by the role.

  • isCross: indicator that defines whether the role is cross, i.e., whether it applies globally to all data domains in the organization and therefore it is not necessary to select organizational units when assigning it to a user.

  • isDefault: indicator that defines whether the role applies to all users who authenticate successfully.

The object permissions assigned to the default role apply to all Organizational Units, so it acquires cross role capabilities. It is important to take this into account when determining what permissions are assigned to the default role.


Adding a Role in the Roles table

Adding a new role (for example, the DPO - Data Protection Officer) involves adding a new record in the Roles table.

To add the record and register a new role:

  1. Click the New button in the upper right corner. This will open a wizard with the fields defined in the Structure of the Roles table section.

  2. Fill in the role fields according to the structure described in the previous section.

  3. Click Save to save the role or Cancel to discard.


Editing a Role in the Roles table

Modifying the name or isCross fields must be done with caution, as it may have an impact on:

  • The permissions assignment (table Permissions).

  • The assignment of roles to users (table User-Ou-Roles).

    • If the isCross flag of a role is to be unchecked, the configurator will be warned that the change is not possible while there are users with that role assigned.

  • The workflow configuration with validation steps associated with certain roles.

  • The translations of the role name (translation key ROLE.<name>) in the different application languages.

Configuring Roles via direct database access (Developer view)

The database (DB) table containing the roles configuration has the following structure:

| Column | Data type | Constraints / Notes |
|---|---|---|
| id_role | int4 (INTEGER) | PRIMARY KEY. Not null. Unique identifier of the role. |
| is_cross | bool (BOOLEAN) | Nullable. Indicates whether the role is cross. |
| is_default | bool (BOOLEAN) | Nullable. Default is false. Indicates whether the role applies to all users by default. |
| module | varchar(255) | Optional (NULL). Module associated with the role. |
| role_name | varchar(255) | Optional (NULL). Must be unique. UNIQUE (role_name) constraint. |
| role_description | varchar(255) | Optional (NULL). Description of the role. |

Below is an example query to configure the DPO role:

SQL
INSERT INTO zeus."role"
(id_role, is_cross, is_default, "module", role_name, role_description)
VALUES(16, true, false, 'ALL', 'DPO', 'Data Protection Officer');

Important:

  • Once the insert has been executed, run the sequence update for the table. (From the Configuration Panel under Actions > Reset DQ sequences the sequences for all tables, including this one, can be updated).

  • The full weight of the configuration logic falls on the developer who executes the SQL queries directly on the tables. It is recommended to carefully review the table Structure section.

Default role configuration

In addition to the individual assignment of users to specific roles, Anjana Data allows configuring one or more default roles so that any user who registers in the application automatically inherits the permissions associated with those roles, without the need to assign them manually one by one.

The selection of the default role in Anjana Data is done using the isDefault flag in the Role table and, automatically, when marked as default it is also marked as a cross role.
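
Because direct inserts bypass the Configuration Panel, the rules stated on this page can be checked afterwards with a read-only query. The following is an added example, not part of the Anjana Data documentation; it assumes PostgreSQL (as the int4/bool column types suggest) and uses only the columns listed in the table structure above.

```sql
-- Added example: audit zeus."role" against the rules documented on this page.
-- Read-only. Returns one row per role and per finding; no rows means no findings.
SELECT r.id_role,
       r.role_name,
       r.is_cross,
       r.is_default,
       r."module",
       v.finding
FROM zeus."role" AS r
CROSS JOIN LATERAL (
    VALUES
      -- The column is nullable, so the database alone will not reject this.
      (r.role_name IS NULL OR btrim(r.role_name) = '',
       'role_name is NULL or blank'),
      -- "/" is the organizational unit separator and conflicts with authorization.
      (position('/' in r.role_name) > 0,
       'role_name contains the organizational unit separator (/)'),
      -- The panel marks a default role as cross automatically; raw SQL does not.
      (r.is_default IS TRUE AND r.is_cross IS NOT TRUE,
       'default role is not flagged as cross'),
      -- Default roles reach every authenticated user in every organizational unit.
      (r.is_default IS TRUE,
       'default role: review the permissions package attached to it'),
      -- Only the three module values listed in the table structure are expected.
      (r."module" IS NULL OR r."module" NOT IN ('BG', 'DC', 'ALL'),
       'module is not one of BG, DC, ALL')
) AS v(violated, finding)
WHERE v.violated
ORDER BY r.id_role, v.finding;
```

The DPO row inserted above produces no findings; a role inserted with is_default = true is always listed, so that the permissions it grants to every authenticated user get reviewed.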