Skip to end of metadata
Go to start of metadata

Page Contents


To help teams maintain asset collections, EDG workflows provide special views and functions that coordinate multiple users in defined change-management processes. Each production asset collection can spawn multiple, independent child workflows of itself, where each workflow's changes are isolated from other workflows and also from the parent's production state until authorized users review, approve, and commit the workflow's changes back to the production state. EDG workflow administrators can also develop custom  workflow templates that have different process-flows or scope of applicability. In EDG's Governance Model , asset collections can be grouped according to either business or data subject areas . Each workflow started on an asset collection associates the workflow's roles to users via any of three user-specification types:

  • individual users or
  • user security roles (e.g., from LDAP) or
  • user job titles, which are defined in the Governance Model's Organizational Structure.

To isolate its changes, each workflow has one working-copy graph of changes from the production state. Note that the copy's include references always refer to other collections' production states, never to other workflow copies.

Collection Permission Profiles: Viewer, Editor, and Manager

For any asset collection, whether a production or workflow copy, access to its basic viewing, editing, and utility functions is controlled according to three nested permission profiles: viewereditor, and manager (where each profile is a superset of the preceding one). On each collection, these permissions are set for various users, either as individuals or as security roles.

In addition to the basic functions discussed here, workflow copies also have actions that cause transitions in the workflow status. Authorizations for the workflow transition actions can be based on these same permission levels (v/e/m) or on governance roles. For an example of such workflow transitions, see the main Workflow View for the Basic workflow.

For example, if Jane manages an asset collection, she can give John viewer privileges for its production copy but editor privileges on any of its workflow copies. John can then change such a workflow copy, and (based on the privileges allocated by Jane, or anyone else with a manager role for that workflow copy) others can see and maybe participate in those changes, but because he only has viewer privileges for the production copy, he cannot commit those changes. Only a manager or editor of the production collection, such as Jane, can commit the changes (after the appropriate reviews).

To summarize, users with viewer access permissions can view or browse a version without changing it; editor access can also change information and commit working copies, and manager access can also control others' access permissions and control overall changes such as deleting a asset collection. A specific user might be a manager of one production asset collection, only an editor for a workflow copy of another production asset collection, and not even a viewer of a third one.

Governance roles associated to the collection's subject area will be automatically granted viewer permission. To view these permissions, see the user roles tab - governance section which lists inferred roles. You can also assign explicit governance role permissions here. To set a collection's subject area, use the settings tab - metadata section.

Permissions for Production Collections and Workflow Copies

Each role's specific permissions depend on whether the resource is a production asset collection or a workflow copy of one.

Permissions for a production asset collection

  • A viewer of a production asset collection can:

    • view and browse it,

    • view a history of its changes,

    • display various reports,

    • export it in a variety of formats,

    • enter its usage information,

    • create tasks, change the status of a task assigned to them and comment on tasks, and

    • create a workflow copy of it to make changes, which will not be applied back to the production one until the changes are reviewed and committed by an editor or manager of that production asset collection.

  • An editor has all viewer permissions and can also make changes to a production asset collection including direct editing and committing changes from any workflow copy.

  • manager has all editor permissions and can also:

    • perform Manage tasks on a production asset collection (for details, see the Manage View section of the Model Management page of a asset collection type),

    • control access privileges to it (that is, grant viewer, editor, and manager roles to users), and

    • import data into it.

Permissions for a workflow copy

Whoever creates a given workflow copy becomes the manager of that workflow copy, even if that user only had viewer privileges of the production asset collection itself. The user can then edit the workflow copy but cannot commit it to Production. A user with editor access to the Production copy will have to commit the workflow.

  • All workflow copy permissions have the prerequisite of the user having at least viewer permissions on the workflow copy's production asset collection.

  • viewer of a workflow copy can:

    • view and browse it,

    • view reports of changes to the workflow copy

    • view reports of what other working copies will be affected by changes to a particular workflow copy

    • run a report comparing a workflow copy to the production asset collection

    • export workflow copy data to a variety of formats

  • An editor has all viewer permissions and can also make changes to a workflow copy including direct edit and publishing of changes from any workflow copy.

  • manager has all editor permissions and can also:

    • control access privileges to a workflow copy (i.e., grant viewer/editor/manager roles to users) and

    • if a workflow is based on the Basic template, WF managers can freeze/unfreeze it to prevent/allow changes, e.g., for reviewing, and they can change the status to Approved or Rejected.

Workflow Transitions and Governance Roles

In the Basic Workflow, the state-action transitions (e.g., freezing/resuming, accepting/rejecting, etc.) are defined in terms of the permission levels: viewer, editor, and manager, which also authorize basic functions on asset collections. Workflow templates also allow workflow transitions to be defined in terms of governance roles (e.g., data steward, subject matter expert, etc.), which bind to users, as individuals, security roles, or job titles.

Workflow Templates

For information on creating custom workflow types, see Governance Model Overview: Workflow Templates and refererences therein.

  • No labels