Use Case: Managing Access to Sensitive Models using Profiles and Permissions

Objective: To restrict access to sensitive data models (e.g., PII-heavy, or contractual metadata) by configuring Profiles and Permissions in erwin ER360. This ensures only authorized users — such as SDI-approved users or governance team members — can view, edit, or comment on critical models during or after the transition from DVD to OTT platforms.

Workflow for Admin Users

  1. Create user profiles based on access needs (e.g., full access, read-only, no access).

  2. Apply model-level permissions to control who can see or edit sensitive models.

  3. Assign users to appropriate profiles based on their role or responsibility.

  4. Monitor and audit access using erwin ER360’s built-in tools to ensure compliance.

User Profiles and Permissions

Profile

Key Permissions

Admin User

All permissions including Catalog Management, Library, Model, Permission Management, User Management, Settings, Indexing, Harvest, Browse Metadata, Enterprise Architecture, View, Collection, Worksheet

Data Modeler

Model, Worksheet, View, Collection, Indexing, Browse Metadata

Business User

View, Collection, Worksheet, Browse Metadata

Data Governance

Permission Management, User Management, View, Collection, Worksheet, Browse Metadata

Developer

View, Collection, Worksheet, Browse Metadata

Viewer

View only, Browse Metadata

Workflow for Admin Users (Managing Access to Sensitive Models):

  1. Identify Sensitive Models:

    • Admin or Governance Team identifies models with the following and mark them SDI in erwin DM:

      • PII

      • Regulatory/compliance metadata

      • Business-critical architecture

  2. Create a Restricted Collection

    • Admin creates a Collection (e.g., “Restricted Models”) containing these models.

  3. Configure Permissions Based on Profile

    • Using Permission Management, the Admin:

      • Grants edit/view rights to Data Modelers and Governance

      • Grants view-only rights to Developers

      • Restricts or denies access for Business Users and Viewers

  4. Assign Users to Profiles

    • Admin uses User Management to assign users to the correct roles.

    • Ensures that restricted content is not exposed to unapproved users.

    • Review Changes

    • Once the changes are saved, make sure to enable the Apply permission with Search under settings.

  5. Monitor Access

    • Periodic reviews ensure compliance with governance policies.