It is important to consider the executing user when setting up several system configurations. These include event processors, inbound / outbound integration endpoints, and web service endpoints. Having dedicated user groups for each allows for easy identification of where a data change originated. Stibo Systems recommends that these user groups are configured with super user privileges. This is to avoid any privilege limitations, as the purpose of these users is to provide traceability.
For example, in the following screenshot, the different system configurations that contributed to the revisions on this entity are displayed.
Revision 1: Entity was created via a match & merge inbound integration endpoint.
Revision 2: A data steward actions a clerical review task that results in a merge which causes survivorship rules to be reevaluated.
Revision 3: A web service request causes a data update based on a source record ID match.
Additionally, in the following screenshot shows:
-
The matching event processor user has initiated the entity into clerical review.
-
A data steward actions a task resulting in a merge, and the entity is then removed from clerical review.
Best Practices
Administrators should manage background process (BGP) users within a single user group configured with super user equivalent privileges. Additional considerations:
-
Event processors should have separate unique users.
-
Each Match & Merge Importer should have separate unique users.
-
Every Source System should have unique web service users.
-
BGP users should be process specific. For example: Policy Monitoring & Hotfolder Imports.