
feat: Data Access Workflow

Open mgorsk1 opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

With the concept of tasks already introduced (request tags/description), I would like to propose a feature where users can request and keep track of access to entities. This would be different from 'owning' an entity or 'following' an entity (neither of these concepts describes whether a user can access the data, and they don't follow the workflow of user requests > owner approves). It would enable OM to be even more strongly embedded in the data governance process and become more aligned with the 'Marketplace' and 'One stop shop for data' concepts.

Describe the solution you'd like

The solution from the current analysis of what's available/possible in OM would be to:

  • extend the 'Tasks' concept with a 'Request Access' form enabling users to request access to a given entity (table/schema/database/topic/dashboard/etc). The form would include fields such as entity name, entity type (automatically filled), justification for access and, optionally, a field to upload a document proving the user is allowed to have access to the given entity
  • add a 'Request Access' button in the entity view to trigger the procedure of reviewing and approving/rejecting the user's request for access
  • introduce a 'My Access' category alongside the 'My Data' and 'Following' categories (user profile). This would be a new relationship between any User and Entity. Presence of the relationship means the user has access, absence means no access was granted.
  • introduce an API to enable checking if user X has access to entity Y
  • display ownership information for users (when user X views entity Y in the UI, information on whether they have access to the data is visible)

Extra features:

  • provide a mechanism to broadcast access events (user X granted/revoked access to entity Y) to messaging systems like Kafka so they are easily consumed by other products (technical access propagation)
  • possibility to select multiple entities from a parent entity (for example, request access to several tables, but not all, from a schema) as part of one 'Request Access' action

Describe alternatives you've considered

  • Redirecting OM users to external systems for requesting access to data
  • Reusing extra attributes for certain entities (not possible with every entity) to store ownership info

Additional context

We are interested in pursuing this and supporting the community with development efforts if this concept is accepted and a target design is agreed upon.

mgorsk1, Aug 02 '23 10:08