In many different enterprises, multiple applications and data sources exist that create challenges in reconciling and managing a unified view of a data entity across the enterprise. For instance, data related to an entity such as customer or product is strewn across various systems (e.g., applications and data storages). Several of these systems have different data repositories and thus store their own version of the entity data. In other words, the data storages of an enterprise might store different data for a particular entity. This redundant data may cause problems for the enterprise that uses the data.
To overcome this issue, some enterprises maintain a master data set in a master data store. Master data represents the common or shared entities to the transactions that record the operations of the enterprise across the various applications and data storages. One type of master data is master reference data that represents a “best version” of the reference data stored for the particular entity in any of the data storages. The master reference data is defined by one or more attributes (e.g., fields) that are specified by the enterprise (e.g., data administrator, business user). In some enterprises, these data attributes are specified based on the reference data (i.e., data that identifies entities) of multiple different data sources. In addition to master reference data, some enterprises also maintain a “best version” relationship data (i.e., data that expresses a relationship between entities) for some or all the entities associated with the enterprise.
When an enterprise attempts data integration or data sharing via master data or some other means, a problem that arises is security access management of the integrated or shared data. A conventional approach taken by many data integration solution provider to solve the security access management program is to standardize using a single security system provided by the data integration solution provider. However, although it appears practical at a high level, this approach is not without its share of problems. For instance, standardizing on the single security system may require significant changes to an existing enterprise security system or abandoning the existing security system in order to adopt the new security system. Any such pervasive changes across an enterprise come at a significant financial cost and run the risk of breaking existing security functionality.
Additionally, standardizing to a particular security model (e.g., role-based security model, policy-based security model), as is common in the enterprise setting, fails to address the varied security needs within an enterprise setting. Specifically, a particular security model when standardized across the enterprise scales poorly. For example, an enterprise that operates with a relatively small user base is initially able to maintain a policy-based security model. However, as the enterprise grows and the user base becomes larger, the policy-based security model often becomes unmanageable because of the number of complexity of policies necessitating a fundamental change in the security structure of the enterprise and the underlying security processes. Implementing these changes is costly, time-consuming, and error prone.
Accordingly, there is need in the art for a security management system that flexibly operates with different enterprise security systems according to the varying needs of the enterprise. There is a thus a need for a flexible security access manager that integrates at different levels with new and existing enterprise security systems to provide complex security administration for the data maintained in a master data management (MDM) hub or accessed in the enterprise systems through the federated views. Specifically, the security access manager should interface with the different security systems in order to synergize and integrate the capabilities of the different security systems into a single logical security management module that can scale and adapt in a customized manner with little to no change to the underlying security processes and applications of the enterprise.