One Way Out
urn:js:virtue:aspire:principle:11.1
TL;DR
Access for consumers must only be provided in a controlled manner via the data access layer.
Rational
Users such as the Data Scientists can be given access to the underlying layers indirectly via the data access layer.
The key drivers are:
- Border control – Manage data access, quality, consistency, integrity and security in one location – i.e. data access layer. This will eliminate data anomalies, inconsistencies and dirty reads that could occur by accessing the underlying layers directly.
- Lockdown data preparation layers – Giving users direct access to the underlying data preparation layers not only raises security concerns but will frequently result in data read inconsistencies. The potential implication is:
- Ease of access – The data will be structured for ease of access for the tools used by the consumers.
Implications
The potential implication is:
- Tailored views – Give each group of users their own tailored set of views of the underlying base data.
- Higher administrative effort – Providing tailored views of the underlying data could potentially result in a larger number of objects to create and manage. However, this can be mitigated by adopting a Role-Based Access Control (RBAC) approach. This will take considerably less effort than applying permissions at the individual user-level.