University of Washington

Project: Data Access Control and Security Metadata Administration Tool

Project lead: Bill Yock, director of enterprise information services

Technologies used: Developed in-house

Bill Yock remembers the bad old days of DMUG meetings at the University of Washington.

DMUG stands for Data Management Users Group, and, as director of enterprise information services, Yock was the technology guy in the room during long debates about who could access certain human resources and financial information in the data warehouse.

"Someone might need access to 10 specific tables for certain job responsibilities, but not 12 other ones," Yock says. "It becomes chaos for IT to customize access that way."

Yock and other IT leaders were convinced there had to be a better way. The first step was to change from a users group to a data-management committee with an official charter from the provost. "We also changed the conversation from data ownership to data stewardship," Yock recalls.

That was 2006. Fast-forward six years and UW is in a much better place in terms of data warehouse access. It has created tools that both automate much of the access provisioning and turn over the decision-making from IT to the data custodians themselves.

The new Data Access Control (DAC) and Security Metadata Administration Tool (SMAT) create a matrix in which users are classified by roles according to their job responsibilities. Data custodians decide which roles get access to specific domains of data. "The whole process becomes transparent," explains Anja Canfield-Budde, senior manager of UW-IT's Decision Support Services group. "It no longer requires the database administrators to guess which level of access each person should have."


The University of Washington's Bill Yock talks about the Data Access Control and Security Metadata Administation tools.

The technology rollout began in 2009. Because the enterprise data warehouse is based on Microsoft SQL Server, the data warehouse team brought in a Microsoft consultant who talked about the possibilities for an agile, flexible security solution. Ultimately, the team developed SMAT as a .NET web application that generates security schemas in XML format, and the DAC tool as Microsoft SQL Server T-SQL-based code. (DAC is integrated with UW's ASTRA user-authorization system, which maintains user identities and other system permission information.)

Since implementation of the SMAT and DAC access controls, the number of users with access to the data warehouse has increased gradually from approximately 50 to more than 5,000. The data warehouse has generated more than 200 new enterprise reports and report execution has grown to more than 25,000 per quarter. "The paradox is that, by applying more security-access controls, we are able to provide broader access," notes Canfield-Budde.

UW's Decision Support Services group operates a website that serves as an information repository for data users on campus. It addresses questions about access, database connections, report writing and deployment, query writing, available data, and more: washington.edu/uwit/im/ds

The data warehouse team members are not resting on their laurels. First, they want to make the tools more user-friendly for the stewards applying security schemes to their data. They also see a need to fine-tune the access-request process, which currently involves e-mail. "The e-mail chains are cumbersome," Yock says. "We are working on automating that."

The tools also will be applied to other business intelligence analytical tools such as multi-dimensional cubes, and could be used to provide access to other systems and repositories of data in the UW system. The code has already been shared with the UW Physicians data warehouse team.

UW has also presented the tools at national conferences. According to Canfield-Budde, the audience response has been so positive that the Decision Support Services team decided to apply for a patent. "We think any higher education organization using SQL Server would be very interested," Yock says. "And if we get more funding, we could port it to other platforms."

About the Author

David Raths is a Philadelphia-based freelance writer focused on information technology. He writes regularly for several IT publications, including Healthcare Innovation and Government Technology.

Featured

  • academic building surrounded by clouds and glowing lightbulbs

    University of Pittsburgh Partners with AWS on Cloud Innovation Center

    The University of Pittsburgh is teaming up with Amazon Web Services to establish a new Cloud Innovation Center focused on health sciences and sports analytics.

  • glowing digital brain made of blue circuitry hovers above multiple stylized clouds of interconnected network nodes against a dark, futuristic background

    Report: 85% of Organizations Are Using Some Form of AI

    Eighty-five percent of organizations today are leveraging some form of AI, according to the latest State of AI in the Cloud 2025 report from Wiz. While AI's role in innovation and disruption continues to expand, security vulnerabilities and governance challenges remain pressing concerns.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • Three cubes of noticeably increasing sizes are arranged in a straight row on a subtle abstract background

    A Sense of Scale

    Gardner Campbell explores the notion of scale in education and shares some of his own experience "playing with scale" — scaling up and/or scaling down — in an English course at VCU.