Implementing a Master Data Management (MDM) sometimes seems like a daunting, expensive proposition. Many MDM efforts end being discredited and discarded in the long run. A team of two engineers designed, developed, and implemented a MDM in our organization with a small budget. After three years, this MDM is successfully sharing enterprise data to over 40 consumers, and growing in popularity, with minimum maintenance.

1. How to build and promote a successful MDM solution on a shoestring Pablo Riboldi, PhD Solution Manager for Information Governance & Quality The Church or Jesus Christ of Latter-day Saints

2. Master Data Management (MDM) is a set of processes, technologies, strategies to securely provide accurate and consistent enterprise data. 2 © IRI 2011 Master Data Management - Definition

3. Large 13 million members in 160 countries 53,000 full-time missionaries Materials translated in 83 languages 264 centrally managed databases Largest Genealogy system in the world www.lds.org or www.mormon.org © IRI 2010 3 My Organization

4. Large Organization (Hierarchical) Governing Council (18 members) Departments (23) Silo Organization Independent information systems www.lds.org or www.mormon.org © IRI 2010 4 My Organization

5. Large Organization (Hierarchical) Non Profit Invite people to come to Jesus Christ by Proclaiming the gospel Perfecting the saints Redeeming the dead Clearly defined common purpose and Great people to work with www.lds.org or www.mormon.org © IRI 2010 5 My Organization

6. Data Management Common Method MDM Sharing Consumer Systems Master Data Management Repository MDM Pass-through accounts 2800+ Views DB Links Systems of Record (Enterprise info) 6 © IRI 2011

7. Provide accurate data to Church applications Improve consistency of data reporting across the Church Ensure the security of data Enforce policies for use of data Reduce development time Eliminate the need to maintain master data in each application Decrease maintenance costs 7 © IRI 2011 MDM Goals

8. Designate authoritative sources of master data and select stewards Provide interfaces for cleansing and enrichment of data Share master data from the source with other applications Create a common data model and interfaces for using master data in applications Centralize administration of security and data use policies (at the application level) 8 © IRI 2011 MDM Strategy

10. Denormalized: Star schema with dimensions (entities), facts (measures)

11. Optimized for Reporting (ad-hoc queries)

12. Used for transactional systems

13. Normalized (at least 3NF, usually at 5NF)

15. Normalized (at least 3NF, usually at 5NF)

16. Optimized for CRUD transactions (insert, update, delete)

17. Used for reference by other systems

18. Semi-denormalized (1NF or 2NF)

20. Every target receives the same data model.

22. Establishing the repository: Selection of a data source (MDM_User or another source) Publishing the repository: Create MDMR schema with a common data model in each consuming application database Build applications that use foreign keys to the master data instead of copying the data Use Data Integrator to replicate data to MDMR schemas Re-use same code for every application Use VPD to enforce data use policies specific to each application Create a passthrough account on the source Administer MDMR data privileges for each application centrally (Integration team) 13 © IRI 2011 MDM Implementation includes:

23. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. MDM Source Systems of Record (Master data) Organizations Leaders MDM_USER schema Finance Other systems 14 © IRI 2011

24. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. 2) A set of security packages is defined to restrict columns and rows. MDM Source After Login Trigger Systems of Record (Master data) MDM_SEC schema Organizations Leaders MDM_USER schema Finance Other systems 15 © IRI 2011

25. 3) The After-login trigger applies security policies to the MDM accounts. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. 2) A set of security packages is defined to restrict columns and rows. MDM Source Business Objects Data Integrator After Login Trigger APP_PTM Systems of Record (Master data) MDM_SEC schema Organizations Leaders MDM_USER schema Finance Other systems 16 © IRI 2011

26. 3) The After-login trigger applies security policies to the MDM accounts. 4) Security policies limit the rows and columns available to each MDM account. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. 2) A set of security packages is defined to restrict columns and rows. MDM Source Business Objects Data Integrator After Login Trigger APP_PTM Systems of Record (Master data) MDM_SEC schema Organizations Leaders MDM_USER schema Finance Other systems 17 © IRI 2011

27. 3) The After-login trigger applies security policies to the MDM accounts. 4) Security policies limit the rows and columns available to each MDM account. 5) Data is published to the MDMR at set frequencies. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. 2) A set of security packages is defined to restrict columns and rows. Requesting Application Instance MDM Source Business Objects Data Integrator After Login Trigger APP_PTM Systems of Record (Master data) MDM_SEC schema Organizations Leaders MDMR schema MDM_USER schema Finance Other systems 18 © IRI 2011

28. 3) The After-login trigger applies security policies to the MDM accounts. 6) Requesting App can use IDs as FKs, but should not copy data. . 4) Security policies limit the rows and columns available to each MDM account. 5) Data is published to the MDMR at set frequencies. Master Data Management – Architecture 1) Master data is integrated, cleansed, enriched, and transformed to the MDM data structuresfrom the systems of record. 2) A set of security packages is defined to restrict columns and rows. Requesting Application Instance MDM Source Business Objects Data Integrator After Login Trigger APP_PTM Application Systems of Record (Master data) App. schema APP_PTC MDM_SEC schema Organizations Leaders MDMR schema MDM_USER schema Finance Other systems 19 © IRI 2011

29. How are the policies defined? A database package is defined for each object to be protected. The database package functions reference information stored in the Application Context of the current database session and returns the SQL fragment to be either: Appended to the Where Clause or Used to determine whether or not to show the column contents in the result.

30. Sample policy package CREATE OR REPLACE package MDM_ORG_SEC_PKG as function SET_PREDICATE (OBJECT_SCHEMA VARCHAR2,OBJECT_NAME VARCHAR2) return VARCHAR2; -- row policies ... function VIEW_TIMEZONE (OBJECT_SCHEMA VARCHAR2,OBJECT_NAME VARCHAR2) return VARCHAR2; -- column policies end MDM_ORG_SEC_PKG; / CREATE OR REPLACE package body MDM_ORG_SEC_PKG as CTX_VALUE VARCHAR2(2000) :=NULL; CTX_NAME VARCHAR2(30) :='MDM_SEC_CTX'; -- defines the application context function SET_PREDICATE (OBJECT_SCHEMA VARCHAR2,OBJECT_NAME VARCHAR2) return VARCHAR2 as begin CTX_VALUE:=NULL; CTX_VALUE:=SYS_CONTEXT('USERENV','SESSION_USER'); -- identifies the user associated with this session IF CTX_VALUE = OBJECT_SCHEMA THEN RETURN '1=1'; -- if the user is the same as the object owner, enable all access END IF; CTX_VALUE:=NULL; CTX_VALUE:=SYS_CONTEXT(CTX_NAME,'ORG_PREDICATE',2000); -- gets the where clause fragment to be appended IF CTX_VALUE IS NULL THEN RETURN '1=0'; -- if there is no information in the context, deny all access ELSE RETURN CTX_VALUE; -- return the row constraints END IF; EXCEPTION WHEN OTHERS THEN RETURN '1=0'; end; ... function VIEW_TIMEZONE (OBJECT_SCHEMA VARCHAR2,OBJECT_NAME VARCHAR2) return VARCHAR2 as begin …

31. How do we connect the policy to the database object? First, we define the objects and protected column lists in the MDM repository security tables. Then we execute a set of scripts to: Create a stored procedure that will be used to populated the application context when the user connects. Create the application context and tie to the above stored procedure. Tie the VPD policies to the database objects.

32. MDM Repository Security Tables (part 1) Defines the objects (tables, views, synonyms) to be protected Defines the columns to be protected

33. MDM Repository Security Tables (part 2) For the specific user, this defines the where clause fragment … and the column sets to include with the default columns.

34. We’re done! Now, when the SQL statement is executed: SELECT * FROM MDM_ORG Only those rows / columns authorized are returned in the result set.

35. What do we have in our MDM? Reference Data Sets Languages Geopolitical Locations (Countries, Regions, etc.) Currencies Exchange Rates Master Data Sets Organizations Leaders Employees & reporting hierarchy – in progress Physical Facilities (Churches, Temples, Seminaries, etc.) – in progress

36. How successful is our MDM? We replicate authorized master data to 54 other productions systems (230+ instances) daily. Developers become familiar with the canonical models for master data, which reduces the development cost of using master data. Web services deliver master data from the MDM repository. It takes about 20 minutes to provision master data to a new consumer. Changes in source systems are completely transparent to the consuming systems. Reduce number of DB links to source systems.

37. Thank you! Questions & Answers Pablo Riboldi Solution Manager for Information Governance & Quality riboldipj@ldschurch.org The Church or Jesus Christ of Latter-day Saints Visit us at www.mormon.org