Data Governance - Knowledge Catalog

 View Only

6 Tips on how to use categories to manage governance artifacts in Watson Knowledge Catalog

By Susanna Tai posted Sun November 29, 2020 08:23 PM


In Watson Knowledge Catalog in Cloud Pak for Data v3.5, you can now assign users and data stewards to categories to determine who can view or manage governance artifacts owned by the category. The category collaborator roles can also be leveraged in workflows to automatically direct workflow steps to the right people for reviews and approvals.

With this new capability, the business community can be empowered to self-govern their own business assets. 

This article aims to highlight some key steps as you plan and implement the stewardship of your governance artifacts.

1 - Decide on the categories and hierarchies

The first decision to make for any organization is to decide on the category hierarchies that will be needed to organize and manage their governance artifacts, namely business terms, policies, governance rules, reference data, data classes and classifications. Typical examples are category hierarchies that are based on lines of business, business processes, or geography. The key consideration is to determine which users or groups of users will be responsible for managing which governance artifacts, and then group those governance artifacts into categories accordingly. Although there is no limit to the number of hierarchies, categories or levels in WKC, we recommend hierarchies that are within 5 levels deep in order to optimize usability and performance. Generally, the simpler the structure, the easier it is for your users to navigate. With category users and permissions, the number of categories will also impact performance as we need to evaluate whether a user has permission to perform a particular action on a given governance artifact based on the user’s role in the category that owns it.

2 - Ensure users have the required CPD platform permissions 

To access categories and governance artifacts, the user must have at least one of two CPD platform permissions:

  • Access governance artifacts
  • Manage governance categories

Access governance artifacts

Any user who needs to view or manage categories and governance artifacts must be assigned a CPD User Role that has the “Access governance artifacts” platform permission. Out-of-the-box, these User Roles have the “Access governance artifacts” permission:

  • Administrator
  • Data Engineer
  • Data Quality Analyst
  • Data Steward

The “Access governance artifacts” platform permission only gives the user the permission to access categories and governance artifacts. The user must also be added to specific categories as category collaborators and assigned a category role before he can view any category, create sub-categories, add new business terms to a category, or update governance artifacts owned by the category.


Manage governance categories

The “Manage governance categories” platform permission gives the user the same privileges as “Access governance artifacts”, plus the ability to create top-level categories. Out-of-the-box, the following User Role has the “Manage governance categories” permission:

  • Administrator

If there are other non-Administrator users who need to create the top-level categories, then either create a custom User Role for these users or update an existing User Role with this platform permission.

Users who have the "Manage governance categories" permission will see the Add category button in the Categories page.

3 - Add users and data stewards to categories   

Once the top-level categories are created, it is the assigned category Owners and Admins who can then manage the category and its sub-categories.

For example, a member of the CDO team who has the “Manage governance categories” platform permission creates the top-level categories needed for the organization. As creator of the category, he is automatically added as Owner of the category.  He can then add other business users as Owners to the top-level categories. Thereafter, it is up to the Owners (or Admins) of each category to decide what sub-categories to create, who can access the category and its sub-categories, and what these category collaborators are allowed to do based on their assigned category roles.

Only users with the “Access governance artifacts” or “Manage governance categories” platform permissions can be added to a category as category collaborators.

When adding a user to a category, you must assign a category role.  The table below lists the 5 out-of-the-box category roles and the permissions associated with each role.

Any user must have at minimum Viewer role in the category in order to view the category, its governance artifacts and their details. Users who have no access to the category will not see the category in the tree or list views, nor will the category and the governance artifacts it owns (through primary category associations) be returned in searches.

Similarly, in order for a Data Steward to create governance artifacts, he must have at minimum Editor role in at least one category. The New business term button (or other governance artifact) will only appear for users who have the category role(s) that give them permission to create governance artifacts. If you don't see the New business term button, that means you are not an Editor, Admin or Owner in any category.


4 - Understand how inheritance works in categories

Users added at a given category with a given role will automatically have the same access rights in both the category and its sub-tree. The inherited users and roles apply to the entire category sub-tree and cannot be blocked at specific lower category nodes. However, users can be assigned a different role, typically with more privileges, further down the category tree.

A practical setup will be to give all business users view-only access to all categories. Only specific users such as Data Stewards who need to manage specific categories and their governance artifacts will be assigned additional roles like Editor, Admin or Owner roles at those categories.

Hence a given user’s permissions in a category are accumulated from all the assigned roles the user has for that category.  The role(s) may be assigned to the user directly in the category, or they may be inherited from the parent category.


5 - Leverage the “All users” group in categories 

In v3.5, the only user group that can be added to a category as collaborator is the “All users” group.  This is a meta group at the CPD level which includes all CPD users that have been added through CPD User Management. Many organizations want to give all users in the organization view-only access to the entire glossary available. To enable this, ensure that the “All users” group is added as category collaborator in the top-level categories with “Viewer” role.  This will allow all CPD users who have either the “Manage governance categories” or “Access governance artifacts” platform roles to view all categories and governance artifacts.


6 - Configure workflows by categories and category roles

You can configure specific workflows based on the category that owns the governance artifacts, the artifact type and action to be performed. Therefore, category owners can dictate what approval steps are required for different artifact types managed in the category depending on the action. For example, one can set up a workflow for creating business terms in the Product category to allow auto-publish, while updating terms in the same category will require 2 approvals.


Workflow can also automatically route workflow tasks to users who have specific roles in the category that owns the governance artifact that is being created or updated. In the workflow configuration example below, the Owners and Admins of the category will be automatically assigned the approval tasks for the selected governance artifacts managed in the category.



To learn more about how to organize and manage governance artifacts with categories, here’s the link to our documentation.