Governed Self Service Data Prep with Row Level Security
Attachments
Governed Self Service with Row Level Security Short.pptx
Proposed Use Case:
Centralized IT creates a data model which requires row level security managed with Section Access.
The data model is shared with a business unit developer through a Binary Load which reduces the data set for the business unit developer (inherited section access).
The business unit developer has access to the Data Manager to further extend the data model
In this use case, if the business unit developer associates data with the table where Section Access is attached to; then the automated script temporarily drops the table; which removes Section Access. It is also possible for the business unit developer to drop the table; which removes Section Access. By removing the inherited Section Access; the entire data model is exposed.
Ideally this vulnerability in inherited section access would be closed by preventing changes to tables associated with Section Access.
NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.
