Approval Workflow
Managing the approval of data usage agreements via workflows.
Data Usage Agreements represent the edges in the data mesh graph. They are the basis for granting access or revoking access to the actual data in the data platform. On activation, the access is granted, and on deactivation, the access is revoked. Data Usage Agreements are requested by data consumers and need to be approved or rejected by data providers. The approval of data usage agreements can be managed via workflows.
The Data Mesh Manager offers three ways to manage the approval of data usage agreements:
No Approval Workflow
For uncritical data, no approval workflow is necessary. A data consumer simply gets the data they need, without the data producer having to approve anything.
The Data Mesh Manager supports this via the auto approve feature. When an output port has this feature enabled, all requested data usage agreements to this output port are automatically approved. Additionally, in the special case of sharing data within a domain team, the data usage agreement is automatically approved as well, regardless whether the feature is enabled of the output port.
But in any case, a data usage agreement is always created, and the data consumer has to provide reasoning why they want to use the data. This is necessary to create a sensible lineage between the data products.
Simple Approval Workflow
For sensitive data, an approval workflow is necessary. A data consumer requests access to the data they need, and the data producer approves or rejects the request.
The Data Mesh Manager supports a simple approval workflow in the web ui. After a data usage agreement has been requested by the data consumer, the owner of the providing data product can approve or reject the request within the Web UI of the Data Mesh Manager.
External Approval Workflow
In larger companies, there might already exist a complex approval workflow in a dedicated system.
The Data Mesh Manager supports the integration of an external approval workflow via its REST API. The data usage agreements would still be requested in the Data Mesh Manager, but this would trigger an AccessRequestedEvent
in /api/events
which should start the approval workflow in the external approval system. The external approval system can add a link to where the current decision is being made back to the Data Mesh Manager adding to the access resource by updating the REST resource (/api/access/$id
). Once a decision has been reached in the external approval system, the access can be approved or rejected via the appropriate API calls (/api/access/$id/approve
and /api/access/$id/reject
) to the Data Mesh Manager, including additional metadata about the decision.
To always enforce the external approval workflow, the Data Mesh Manager offers a way to deactivate the simple approval workflow. (under development)
To see how such an integration can look like, we offer an open source integration module. (under development)