Here's a revised version of your content for improved clarity and readability:
Privacera User Token¶
The Privacera User Token, referred to as PToken, is a temporary credential issued by Privacera upon user authentication. This token facilitates secure interactions between the Privacera DataServer and AWS APIs or the AWS CLI. Additionally, it is employed for accessing ADLS Gen2 storage in Azure and GCS storage in Google Cloud.
The Privacera User Token consists of two parts: the Access Token and the Secret Key. While similar in function to AWS Access Keys and Secret Keys, these tokens are validated by the Privacera DataServer.
The typical workflow involves the user configuring their AWS CLI or API with PTokens and setting the endpoint to the Privacera DataServer when making an AWS API call. The DataServer then validates the PTokens, authorizes the requested object and operation, and, if the user has the necessary permissions, forwards the request to AWS. This request to AWS is made using Privacera's AWS Access Key and Secret Key, commonly referred to as the Service User Key. This process also applies to Azure and Google Cloud Platform (GCP).
Sample flow for AWS¶
sequenceDiagram
participant User
participant AWS CLI/API
participant Privacera DataServer
participant AWS
User->>AWS CLI/API: Configure with PTokens
AWS CLI/API->>Privacera DataServer: Call AWS API<br> (Set endpoint to Privacera DataServer)
Privacera DataServer->>Privacera DataServer: Validate PTokens
Privacera DataServer->>Privacera DataServer: Authorize object and operation
alt User has required permissions
Privacera DataServer->>AWS: Forward request using Service User Key
end
Privacera DataServer->>User: Return AWS response