Database repository - single or multiple projects per database ?

[Typia]

Hi guys,
regarding database repository I'd like to know what's the best practice to create projects.
Is is intended to have a database per project, or is the database a repository for multiple projects ?

Many thanks

[qwerty]

Well, it just depends on your (unknown) requirements. Both have pros and cons.

q.

[Geert Bellekens]

The default choice should be "single database"

Only if there are requirement that cannot be fulfilled using one database, I will consider multiple databases.

Examples of such requirements
- security. Team A is not allow to see the content of team B.
- Multiple different "live" versions: If you have to use multiple different branches of the same model at the same time.

So I would suggest you just start out with a single database. Splitting a database is easy. Merging two databases is usually much harder.

Geert

[Typia]

Hi,
thanks for your answers.

Only requirement we have is security.
Project Team should only see their projects, but I thought it could be acheived with a single database using EA security ?

[Geert Bellekens]

Hi,
thanks for your answers.

Only requirement we have is security.
Project Team should only see their projects, but I thought it could be acheived with a single database using EA security ?

No, you can (somehow) limit write access to different parts of the model, but you cannot limit read access (unless you use the new feature in Cloud Server Pro that uses row level security)

In my experience however that security requirement is often bogus. In fact, in most organisation it would be beneficial if project teams could see the other teams models.
They could even start working together

The only "valid" reason is if there are contractual or legal limitations (NDA's, security clearance,...)

Geert

[Modesto Vega]

Our repository uses the following structure:

• One database
• A root note for Enterprise Architecture (with multiple packages for various aspects of the enterprise architecture
• A root note for the metamodel (+MDG)
• A root note for Projects with a package per project

Access is controlled through group locks.

[qwerty]

The only "valid" reason is if there are contractual or legal limitations (NDA's, security clearance,...)

I guess that this "validity" is only reasonable in areas where people with black hats and black glasses are employed. Best you present them only a black screen with solidly black filled classes or whatever elements shown on black background. Just let them guess.

Honestly (as Geert said): eventually people start communicating and exchanging information to get the whole thing going. THERE IS NO REASON TO HIDE THINGS (inside one company).

q.

[Typia]

Hi guys,
I come back on the topic.
I work in the finance industry and as ayou may imagine we have a LOT of constraints regarding security.
Team working on a project should not be able to see other projects and we should be able to provide a list of who has access to what any time needed.

Currently we have a model which is painful, each project has it own database and access are controlled via AD groups. So we have as many groups and DB as we have projects (currently more than 100 ..).

I would like to change the way it's done currently, I consider 2 options :

- Option 1 : Keep the 1 database per project, use only 1 AD group to give access to every database on the DB and enable security on every new project selecting only the users allowed to access the project

- Option 2 : Have 1 database for all projects, use only 1 AD group and manage the security within EA

My 3 main constraints are those :

- 1 team should not see other one's project
- On the arborescence it should start on its project and only see it
- I should be able to make reports about which user has access to a project (currently it's easily done  be reporting AD groups)

Many thanks for your help

[Geert Bellekens]

I'm not sure if you can meet your constraints with a single database.

There is something called "row level security" which can be enabled for SQL Server and Oracle, if you have Pro Cloud Server.
This feature should be able to hide parts of a model for those who don't have access. But I've never used this myself, so I can't speak from experience.

Geert

[Typia]

I'm not sure if you can meet your constraints with a single database.

There is something called "row level security" which can be enabled for SQL Server and Oracle, if you have Pro Cloud Server.
This feature should be able to hide parts of a model for those who don't have access. But I've never used this myself, so I can't speak from experience.

Geert

We don't have it yet.
If I go for the first option is there a way to get a report of users allowed in each project ?
Maybe by querying the database directly ?

[Geert Bellekens]

I'm not sure if you can meet your constraints with a single database.

There is something called "row level security" which can be enabled for SQL Server and Oracle, if you have Pro Cloud Server.
This feature should be able to hide parts of a model for those who don't have access. But I've never used this myself, so I can't speak from experience.

Geert

We don't have it yet.
If I go for the first option is there a way to get a report of users allowed in each project ?
Maybe by querying the database directly ?

Yes, but you would need to query each project database separately to.
Look in the table t_secuser. (assuming you use EA user security)

Geert

[Typia]

I'm not sure if you can meet your constraints with a single database.

There is something called "row level security" which can be enabled for SQL Server and Oracle, if you have Pro Cloud Server.
This feature should be able to hide parts of a model for those who don't have access. But I've never used this myself, so I can't speak from experience.

Geert

Hi Geert,
sorry to come back late again on the topic.
Across the EA15 presentations videos I see that I could make multiple root nodes in a project and limit their visibility so users can't even see the root node.
Would this feature help me acheive my goals ?

Many thanks

[Geert Bellekens]

I'm not sure if you can meet your constraints with a single database.

There is something called "row level security" which can be enabled for SQL Server and Oracle, if you have Pro Cloud Server.
This feature should be able to hide parts of a model for those who don't have access. But I've never used this myself, so I can't speak from experience.

Geert

Hi Geert,
sorry to come back late again on the topic.
Across the EA15 presentations videos I see that I could make multiple root nodes in a project and limit their visibility so users can't even see the root node.
Would this feature help me acheive my goals ?

Many thanks

Yes, I guess that is row level visibility feature being demonstrated

Geert

[adepreter]

I would not let security kill my business.
The key is to be able to manage complexity, have end to end traceability and be able to zoom in and out.

Therefore you need one repository with
- a prescribed structure of folders (packages)
- a prescribed structure of elements in these folders
- prescribed diagram types (viewpoints) in that structure of folders and elements

Here is some practical guidance for the structure of such a repository:
https://www.labnaf.one/guidance/index.html?guid=8E24A12E-85BB-4df6-9491-D278B5BD7517

Look at the "Canonical Folder Structure" in the project browser.

You can download a full startup repository as part of the Labnaf trial software package available here:
https://www.labnaf.one/product/labnaf-software-package/

Additional educational material regarding strategy, architecture and most relevant standards is available on www.labnaf.one

Cheers,
Alain

[Uffe]

Hello!


I don't claim to be a security expert as such, but I've worked with EA deployments in defence as well as finance.

Across the EA15 presentations videos I see that I could make multiple root nodes in a project and limit their visibility so users can't even see the root node.
Would this feature help me acheive my goals ?

Probably not.

Yes, I guess that is row level visibility feature being demonstrated

"Demonstrated" is the operative word here. This is fairly new functionality in EA, and there may be subtleties and pitfalls.

I would not trust this mechanism to meet any information security requirements without having done a proper analysis in the context of the proposed deployment.

One thing to look out for with EA and data access is that EA is just a client, and it requires all users to have read and write access to the underlying database. This includes users you may designate as "read-only" and place in a special EA security group with minimal permissions (eg, no permission to change anything or export anything). In other words, if a user with any level of access to an EA project were to use a raw SQL client, such as Microsoft's SQL Server Management Studio, they can access and modify all project content.

Row-level security has been introduced to help address this, but there is no public documentation that goes into any detail beyond the fact that row-level security is applied only to 24 "critical" tables (out of the 94 tables in EA's database schema). However, the documentation does state explicitly that "only models hosted by a Pro Cloud Server are able to make use of this feature", so for client users the old access model still applies.

This means that as long as your users are permitted to connect to the project with the EA client, EA's "visibility levels" feature (or row-level security) does not add any protection from malicious data leakage or corruption.

Since the EA client's security model is trivial to bypass, the only way to achieve meaningful security is to use the security features of the underlying database. This means that the project (which is essentially the same as a database) is the smallest unit at which security protections can be applied.

- 1 team should not see other one's project [content]

The only way to do this is separate projects.

- On the arborescence it should start on its project and only see it

This is automatic with separate projects.

- I should be able to make reports about which user has access to a project (currently it's easily done  be reporting AD groups)

While it would be pretty straightforward to create an in-EA document generation template which lists the content of t_secusers, this doesn't tell you who has access to the database by virtue of being a member of the relevant AD group. For that you still need to look in the AD.

Unfortunately, this all means that neither of your proposed solutions work.

- Option 1 : Keep the 1 database per project, use only 1 AD group to give access to every database on the DB and enable security on every new project selecting only the users allowed to access the project

This does not prevent members of the 1 AD group from accessing all databases with Management Studio. From a security perspective, this is not an option.

- Option 2 : Have 1 database for all projects, use only 1 AD group and manage the security within EA

This is also not an option as discussed above.

Currently we have a model which is painful, each project has it own database and access are controlled via AD groups. So we have as many groups and DB as we have projects (currently more than 100 ..).

At the end of the day, this is the only model that provides any actual security.

Now if in your setup users can't do things like install their own software, use raw SQL clients or run scripts, it might be possible to make the EA security model work. But that would depend on a number of other factors as well. In the general case, the EA client's access model provides no actual security.

I would not let security kill my business.

That's as may be, but there are several industries where security is the business, or is at least integral to it. In those, convenience of use takes a backseat to security, and in those, EA has to be set up the way I've described.


/Uffe