# Glossaries, Terms & Tags {% hint style="info" %} ### The Fundamental Challenge **Business Terms: The Foundation of Data Understanding** Imagine walking into a massive library where every book is written in a different language, with no translations, no common indexing system, and where the same business concept - "customer," "revenue," or "conversion rate" - has 50 different names and definitions depending on who wrote about it. Marketing calls it "lead conversion," Sales tracks "deal closure rate," and Finance measures "revenue recognition efficiency," but they're all referring to similar business processes. That's essentially what modern enterprise data environments look like without a standardized business glossary. **Pentaho Data Catalog (PDC)** is designed to solve the enterprise data discovery and governance challenge, but without business glossaries that define terms like "Annual Recurring Revenue," "Customer Lifetime Value," or "Net Promoter Score," it's like having a powerful search engine that can only search for cryptic technical codes (like "CUST\_LTV\_CALC\_FLD" or "REV\_REC\_AMT") rather than the business meanings that stakeholders actually understand and use in their daily decision-making. Business terms serve as the critical bridge between technical data assets and business value, enabling everyone from C-suite executives to business analysts to speak the same data language when discussing key performance indicators, business rules, and strategic metrics. {% endhint %} Here's the problem:

{% tabs %} {% tab title="Glossary & Business Terms" %} {% hint style="info" %} #### Glossary & Business Terms {% endhint %} How a Glossary and Business Terms are the solution: {% tabs %} {% tab title="Translation Layer" %} {% hint style="info" %} #### Translation Layer PDC's powerful search and discovery features are only useful if users can find what they're looking for. Glossaries provide the business vocabulary that makes technical assets discoverable by non-technical users. {% endhint %} **Without Glossary:** * User searches for "client type" → No results * User searches for "customer classification" → No results * User gives up, emails IT, waits 3 days * IT explains it's called CUST\_TYPE\_CD * User forgets by next month, cycle repeats **With Glossary:** * All variations point to single business term: "Customer Type" * Definition: "Classification of customer as Individual (I) or Store (S)" * User finds it immediately, understands it, uses it correctly {% endtab %} {% tab title="Semantic Understanding" %} {% hint style="info" %} #### The Problem: Consider the term "Status" in AdventureWorks: * Order Status (1=Processing, 2=Shipped, 3=Delivered) * Employee Status (A=Active, T=Terminated, L=Leave) * Payment Status (P=Pending, C=Completed, F=Failed) * Inventory Status (1=Available, 2=Reserved, 3=Backordered) Without context, "Status = 1" is meaningless. {% endhint %} **How a Glossary provides context:** ```json { "name": "Order Status", "definition": "Current state of customer order in fulfillment process", "valid_values": { "1": "In Process - Order received, not yet shipped", "2": "Approved - Payment verified, ready to ship", "3": "Backordered - Awaiting inventory", "4": "Rejected - Payment failed or cancelled", "5": "Shipped - Left warehouse", "6": "Cancelled - Customer cancelled" }, "business_rules": "Orders move from 1→2→5 normally. Status 3 triggers reorder." } ``` {% hint style="info" %} PDC can now: * Show users what values mean, not just what they are * Enable accurate filtering (find all "Shipped" orders, not "Status=5") * Prevent misinterpretation in reports * Apply appropriate data quality rules per status type {% endhint %} {% endtab %} {% tab title="Lineage & Impact Analysis" %} {% hint style="info" %} #### The Scenario: The finance team wants to change how "Revenue" is calculated. {% endhint %} **Without Glossary:** * Which of these 47 fields containing "revenue," "sales," or "amount" are affected? * What reports will break? * Which dashboards need updating? * Who needs to be notified? **With Glossary:** The glossary term "Total Revenue" shows: * **Calculation:** SubTotal + Tax + Freight * **Source fields:** Sales.SalesOrderHeader.SubTotal, TaxAmt, Freight * **Used in:** 23 reports, 8 dashboards, 3 ML models * **Stakeholders:** Finance, Sales, Operations teams * **Downstream impacts:** Commission calculations, quarterly forecasts {% hint style="info" %} PDC uses glossary relationships to: * Track data lineage from source to consumption * Perform impact analysis before changes * Identify all stakeholders affected by modifications * Ensure changes don't break critical processes {% endhint %} {% endtab %} {% tab title="Compliance & Governance" %} {% hint style="info" %} #### The Challenge: GDPR auditor asks: "Show me all personal data you collect about EU citizens and prove it's protected." {% endhint %} **Without Glossary:** * Manual database scan (500+ tables) * Guessing which fields contain PII * No documentation of protection measures * Weeks of preparation for audit * High risk of missing critical data **With Compliance Glossary:** ```sql SELECT * FROM glossary_terms WHERE tags LIKE '%pii%' AND tags LIKE '%gdpr%' ``` Results instantly show: * All 47 PII fields * Protection status (encrypted, masked, etc.) * Retention periods * Legal basis for processing * Access controls in place {% hint style="info" %} PDC becomes your compliance command center: * Automatically identifies sensitive data * Enforces governance policies * Generates audit reports * Tracks consent and retention * Proves regulatory compliance {% endhint %} {% endtab %} {% tab title="Data Quality" %} {% hint style="info" %} #### The Data Quality Challenge: How do you know if "Customer Type = X" is an error? {% endhint %} **Glossary enables Data Qualiity Rules:** ```json { "name": "Customer Type", "valid_values": ["I", "S"], "quality_rules": { "completeness": "NOT NULL", "validity": "IN ('I','S')", "consistency": "If Store_Name EXISTS, then Customer_Type = 'S'" } } ``` {% hint style="info" %} PDC uses glossary definitions to: * Automatically generate data quality rules * Identify invalid values * Flag inconsistencies * Track quality metrics over time * Prevent bad data from entering systems {% endhint %} {% endtab %} {% endtabs %} {% endtab %} {% tab title="Tags" %} {% hint style="info" %} #### Tags When building a business glossary in your data catalog, one of the most common questions is: "Should my tags match my business terms?" The short answer is no—and understanding why will save you from a maintenance nightmare. Think of tags and business terms like two different tools in your toolkit. Business terms are your formal, governed vocabulary with official definitions. They require approval, have clear ownership, and represent the "official" way your organization talks about data. They're the dictionary. Tags, on the other hand, are lightweight labels that help people find things quickly. They're informal, flexible, and can be created on the fly. Think of them as sticky notes rather than encyclopedia entries. The tags provide **quick discovery**, while the business term provides **authoritative meaning**. {% endhint %} **Good Pattern:**

Dictionary	Action
Assign Table Tag:	Contains_Personal_Data (inheritance)
Assign Business Term:	"Personal Identifier" (formal definition)
Assign Tags:	PII, GDPR_Personal_Data, Sensitive (quick filters)

{% hint style="info" %} A better pattern uses business terms for formal definitions and tags for practical classification. For your GDPR compliance glossary, this might look like assigning the business term "Personal Data - Contact Information" (with a formal definition linking to GDPR Article 4) while using tags like `PII`, `GDPR_Personal_Data`, and `contact_info`. The business term tells users what the data officially means. The tags help them find it through multiple paths—by sensitivity level, regulation, or functional category. {% endhint %} *** {% hint style="info" %} #### Tagging Strategy The tagging strategy creates a **flexible classification system** that works alongside your formal business glossary. While your glossary terms define *what something is* ("Social Security Number"), tags describe *what it does, requires, or relates to* (`PII`, `encryption-required`, `reg-hipaa`, `risk-critical`). The strategy organizes tags into controlled categories—regulatory, security, lifecycle, functional, and technical—each serving a specific governance purpose. This multi-dimensional approach allows one piece of data to be discovered and managed through multiple lenses simultaneously. {% endhint %} | Tag Type | Owner | Approval Required | Can Users Add? | | ---------------- | ------------------ | ----------------- | -------------- | | Regulatory Tags | Compliance Team | Yes | No | | Sensitivity Tags | Security Team | Yes | No | | Domain Tags | Data Stewards | Yes | No | | Functional Tags | Data Owners | No | Yes (curated) | | Technical Tags | Data Engineers | No | Yes | | Discovery Tags | Data Catalog Admin | No | Yes | {% hint style="info" %} ## Tagging Strategy **Example - SSN** Consider how "SSN" gets enriched with tags: It inherits `PII`, `personal-data`, and `compliance` from its parent category, then receives specific tags like `sensitive-PII`, `government-ID`, `reg-hipaa`, `risk-critical`, `encryption-required`, and `retention-indefinite`. Each tag triggers specific actions: `encryption-required` tells your database team to enforce encryption; `dlp-monitor` activates data loss prevention scanning; `mfa-required` enforces access controls; and `retention-indefinite` prevents automated deletion. When an auditor asks "show me all data requiring HIPAA compliance," they filter by `reg-hipaa` and immediately see SSN, Date of Birth, and related audit trail terms—even though these live in different glossary categories. **Why this matters** This approach solves the **"one term, multiple perspectives"** problem. Your CFO cares that SSN is `domain-finance` for tax reporting. Your security team cares it's `risk-critical` and `encryption-required`. Your compliance team cares it's `reg-gdpr` and `reg-hipaa`. Your data engineers care it's `tech-tokenization-recommended` and `dlp-monitor`. Without tags, you'd need to duplicate the SSN term across multiple glossaries or categories. With tags, one term serves all stakeholders, and each can filter, search, and automate based on their specific needs—making your data catalog truly operational, not just documentary. {% endhint %} x {% tabs %} {% tab title="First Tab" %} x {% endtab %} {% tab title="Tag Matrix" %} {% hint style="info" %} #### Tag Matrix {% endhint %}

Hierachy Level	Name	Purpose	AW Tags
Domain	AW Compliance & Data Governance	Strategic	`compliance` `data-governance` `enterprise-wide` `regulatory` `privacy` `security` `adventureworks` `data-stewardship`
Category	Audit & Monitoring	Tactical / Functional	`audit` `monitoring` `traceability` `logging` `compliance-tracking` `security-monitoring` `data-lineage`
Term	Access Logs	Operational	`access-log` `security-monitoring` `user-activity` `authentication` `authorization` `SIEM-integration`
Term	Audit Trail	Operational	`audit-trail` `compliance-log` `immutable` `forensic-evidence` `regulatory-requirement` `retention-7-years`
Term	Change Log	Operational	`change-log` `version-control` `data-modifications` `accountability` `compliance-evidence` `SOX-relevant`
Term	Data Lineage	Operational	`data-lineage` `data-flow` `impact-analysis` `transformation-tracking` `source-to-target` `GDPR-Article-30`
Category	Data Classification	Tactical / Functional	`data-classification` `sensitivity-levels` `access-control` `information-security` `data-handling`
Term	Confidential Data	Operational	`confidential` `restricted-access` `encryption-required` `need-to-know` `high-risk` `breach-notification`
Term	Internal Data	Operational	`internal-use-only` `employee-access` `standard-encryption` `no-external-sharing` `medium-risk`
Term	Public Data	Operational	`public` `unrestricted` `no-encryption-required` `external-sharing-allowed` `low-risk`
Term	Restricted Data	Operational	`restricted` `highly-sensitive` `executive-approval-required` `strict-encryption` `audit-trail-required` `critical-risk`
Category	PII Data	Tactical / Functional	`PII` `personal-data` `privacy` `data-subject-rights` `sensitive-data` `GDPR-relevant` `protected-information`
Term	Email address	Operational	`PII` `contact-information` `identifier` `GDPR-Article-4` `maskable` `encrypted-at-rest` `retention-policy`
Category	Regulatory Compliance	Tactical / Functional	`regulatory` `compliance-frameworks` `legal-requirements` `industry-standards` `mandatory-compliance` `audit-requirements`
Term	GDPR	Operational	`GDPR` `EU-regulation` `data-protection` `privacy-law` `right-to-erasure` `data-portability` `consent-required`
Term	SOX	Operational	`SOX` `financial-compliance` `US-regulation` `internal-controls` `financial-reporting` `audit-required`
Term	PCI-DSS	Operational	`PCI-DSS` `payment-security` `cardholder-data` `industry-standard` `encryption-required` `network-security`
Term	HIPAA	Operational	`HIPAA` `healthcare` `PHI` `US-regulation` `medical-privacy` `security-rule` `privacy-rule`

{% endtab %} {% endtabs %} {% endtab %} {% endtabs %}