Data Catalog Integration - Access Tags¶
Privacera provides integration with data catalogs such as Collibra, Alation, DataHub and Apache Atlas to enable centralized, metadata-driven access control. This integration allows organizations to import classification tags from external catalogs into Privacera's Tag Service, where they can be used in policy enforcement.
- Tags defined in external data catalogs (e.g.,
PII,Confidential,CustomerData) can be mapped to Privacera tag definitions. - Once mapped, these tags can be used in tag-based policies for access, masking, and auditing.
- Integration may involve API connectors, scheduled sync, or custom scripts.
Tag Mapping and Customization¶
Because data catalogs often use their own tagging models and metadata schemas, some customization is usually required:
| Integration Step | Description |
|---|---|
| Tag Mapping | Map external tag names to corresponding Privacera tag names |
| Attribute Mapping | Convert catalog-specific attributes (e.g., classificationLevel, steward) to tag metadata |
| Resource Association | Ensure that the tags in the catalog are correctly mapped to resource identifiers |
Custom connectors or transformations (e.g., Python scripts, ETL tools) may be used to perform these mappings.
Supported Catalogs¶
| Catalog | Integration Method | Notes |
|---|---|---|
| Collibra | REST API / Metadata export | Requires mapping of Collibra assets to resources |
| Alation | Alation API | Can extract tags, attributes, and lineage |
| DataHub | REST API | Event-driven or polling integration |
| Apache Atlas | Native Ranger integration | Supports tag sync via Atlas-Ranger bridge |
Example Workflow¶
sequenceDiagram
title Data Catalog Tag Integration Flow
participant DataCatalog
participant IntegrationScript
participant PrivaceraTagService
participant PolicyEngine
DataCatalog->>DataCatalog: Tag 'PII' applied to email, ssn fields
IntegrationScript->>DataCatalog: Pull tag metadata on schedule
IntegrationScript->>PrivaceraTagService: Push tag definitions and resource mappings
PrivaceraTagService->>PrivaceraTagService: Create/Update tags and associations
PolicyEngine->>PrivaceraTagService: Fetch tag mappings during enforcement
PolicyEngine->>PolicyEngine: Apply tag-based access/masking policies- A
PIItag is defined in Data Catalog and applied to theemailandssnfields of a data asset. - A scheduled integration script pulls tag metadata and applies it to Privacera's Tag Service.
- Privacera creates or updates the tag and associates it with corresponding resources (e.g., Snowflake table columns).
- Tag-based masking or access policies are automatically applied.
Best Practices¶
- Establish a consistent taxonomy and naming convention across catalogs and Privacera.
- Include data owners and governance teams when defining tag categories and mapping rules.
- Perform regular sync and validation to avoid stale or missing tags.
- Use automated QA scripts or audits to confirm tag integrity across systems.
Related Topics¶
- Prev :Tag Management