

Privacera User Token

The Privacera User Token, referred to as a PToken, is a short-lived credential that Privacera issues to a user after authentication. It lets the user's AWS CLI or AWS SDK calls go through the Privacera DataServer instead of straight to AWS, and the same mechanism is used to reach ADLS Gen2 storage in Azure and GCS storage in Google Cloud.

A PToken has two parts, an Access Token and a Secret Key. They are used exactly where an AWS Access Key ID and Secret Access Key would go, but they are validated by the Privacera DataServer rather than by AWS; AWS never sees them.

The typical workflow is: the user configures the AWS CLI or SDK with the PToken and points its endpoint at the Privacera DataServer. When the user makes an AWS API call, the DataServer validates the PToken, then authorizes the requested object and operation against Privacera policy. Only if the user holds the required permission does the DataServer forward the request to AWS, and it does so with Privacera's own AWS Access Key and Secret Key, commonly referred to as the Service User Key. The user therefore never holds cloud credentials, so every access to the data is forced through the DataServer's policy check. The same process applies to Azure and Google Cloud Platform (GCP).

Sample flow for AWS


sequenceDiagram
    participant User
    participant AWS CLI/API
    participant Privacera DataServer
    participant AWS

    User->>AWS CLI/API: Configure with PTokens
    AWS CLI/API->>Privacera DataServer: Call AWS API<br> (Set endpoint to Privacera DataServer)
    Privacera DataServer->>Privacera DataServer: Validate PTokens
    Privacera DataServer->>Privacera DataServer: Authorize object and operation
    alt User has required permissions
        Privacera DataServer->>AWS: Forward request using Service User Key
    end
    Privacera DataServer->>User: Return AWS response
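The following is an added illustration of the flow in the paragraph and diagram above, written for this page; it is not Privacera's code and does not reflect the DataServer's real request format, token format, or policy model. It models the three decisions the DataServer makes (validate the PToken, authorize the object and operation, forward with the Service User Key) as a small in-memory proxy. The token store, the policy table, the HMAC-based request signature and every identifier are constructed assumptions for illustration. What it shows that the prose does not is the credential boundary: the PToken secret is only ever used to check the inbound signature, and the outbound call carries the Service User Key regardless of which user made the request.

```python
"""
Toy model of the PToken flow. Added example, not Privacera code.
Token store, policy table, request shape and signing scheme are all
constructed assumptions; the real DataServer defines its own.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: the Service User Key the DataServer uses toward AWS (constructed).
SERVICE_USER_KEY = {"access_key": "AKIA_SERVICE_USER", "secret_key": "service-user-secret"}

# Assumption: PToken store, access token -> secret, user, expiry (constructed).
PTOKENS = {
    "PTKN-alice": {"secret": "alice-secret", "user": "alice", "expires_at": 2000},
    "PTKN-bob": {"secret": "bob-secret", "user": "bob", "expires_at": 500},
}

# Assumption: policy as a set of (bucket, operation) per user (constructed).
POLICY = {
    "alice": {("finance-data", "GetObject"), ("finance-data", "ListBucket")},
    "bob": {("public-data", "GetObject")},
}


@dataclass
class Request:
    access_token: str   # PToken Access Token, sent in place of an AWS Access Key ID
    signature: str      # HMAC over the canonical request, keyed with the PToken Secret Key
    bucket: str
    operation: str
    key: str = ""


def canonical(bucket: str, operation: str, key: str) -> bytes:
    return f"{operation}\n{bucket}\n{key}".encode()


def sign(secret: str, bucket: str, operation: str, key: str = "") -> str:
    return hmac.new(secret.encode(), canonical(bucket, operation, key), hashlib.sha256).hexdigest()


def validate_ptoken(req: Request, now: int):
    """Step 1: token must exist, be unexpired, and the signature must verify. Returns the user or None."""
    entry = PTOKENS.get(req.access_token)
    if entry is None or entry["expires_at"] <= now:
        return None
    expected = sign(entry["secret"], req.bucket, req.operation, req.key)
    if not hmac.compare_digest(expected, req.signature):
        return None
    return entry["user"]


def authorize(user: str, bucket: str, operation: str) -> bool:
    """Step 2: object and operation must be allowed for this user."""
    return (bucket, operation) in POLICY.get(user, set())


def forward_to_aws(bucket: str, operation: str, key: str) -> dict:
    """Step 3: the outbound call is signed with the Service User Key, never with the PToken."""
    return {"status": 200, "signed_with": SERVICE_USER_KEY["access_key"],
            "bucket": bucket, "operation": operation, "key": key}


def dataserver_handle(req: Request, now: int = 1000) -> dict:
    user = validate_ptoken(req, now)
    if user is None:
        return {"status": 401, "error": "invalid or expired PToken"}
    if not authorize(user, req.bucket, req.operation):
        return {"status": 403, "error": f"{user} may not {req.operation} on {req.bucket}"}
    return forward_to_aws(req.bucket, req.operation, req.key)


def make_request(access_token: str, secret: str, bucket: str, operation: str, key: str = "") -> Request:
    """What the client side (AWS CLI/SDK configured with the PToken) would produce."""
    return Request(access_token, sign(secret, bucket, operation, key), bucket, operation, key)


if __name__ == "__main__":
    print(dataserver_handle(make_request("PTKN-alice", "alice-secret", "finance-data", "GetObject", "q1.csv")))
    print(dataserver_handle(make_request("PTKN-alice", "alice-secret", "public-data", "GetObject")))
    print(dataserver_handle(make_request("PTKN-alice", "wrong-secret", "finance-data", "GetObject")))
    print(dataserver_handle(make_request("PTKN-bob", "bob-secret", "public-data", "GetObject")))
```

The four calls at the bottom exercise the branches in the diagram: a permitted request is forwarded and reports the Service User Key as the signer, a request on a bucket outside the user's policy is refused before anything reaches AWS, a bad PToken secret fails validation, and an expired PToken is rejected even though the policy would allow the operation.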
