User Guide - Access Management

Access Management Overview¶

Privacera's Access Management enables organizations to define, enforce, and monitor data access policies across their entire data ecosystem. Leveraging the industry-leading Apache Ranger framework, Privacera provides comprehensive access control through fine-grained policies, ensuring secure, compliant, and auditable access to your sensitive data.

Key capabilities include:

• Fine-Grained Access Control (FGAC): Manage permissions at a granular level, including table, column, row, and object-level access control.
• Attribute-Based Access Control (ABAC): Define policies based on user attributes, data attributes, and environmental conditions, allowing for dynamic and context-aware access control.
• Tag-Based Access Control (TBAC): Streamline policy management by applying permissions to data based on tags and classifications.
• Role-Based Access Control (RBAC): Define policies based on user roles and groups, simplifying policy administration.
• Dynamic Data Masking and Row-Level Filtering: Automatically apply masking and filtering rules based on user roles or attributes.
• Multi-Tenancy Support: Isolate data resources and delegate policy management across different business units or teams.
• Centralized Policy Administration: Manage and monitor policies from a unified interface, with full auditability and traceability of data access events.

The subsequent sections will provide detailed information on how to configure and manage access policies using Privacera's Access Management features.

Core Access Control Concepts¶

• About Fine-Grained Access Control (FGAC)
• About Object-Level Access Control (OLAC)

Policy Definitions¶

• Access Policy Definition (Overview)
• Row-Level Filtering
• Column Masking
• Resource Definitions
• Policy Items
• Deny Policies
• Excluding Policies
• Policy Overrides

Resource, Attribute and Tag-Based Access Policies¶

• Resource-Based Policies
• ABAC Overview
• ABAC Attributes
• ABAC Macros
• ABAC Operators
• Managing ABAC Policies
• Tag-Based Access Control (TBAC)
• Tag Management
• Data Catalog Integration - Access Tags

Users and Roles Management¶

• User Principals
• Privacera UserSync
• Delegated Admins
• Security Zones

Policy Logic and Behavior¶

• Actions and Permissions
• Policy Conditions
• Time Validity Macros

Auditing and Visibility¶

• Service Explorer
• Access Audits
• Admin Audits

For permissions to these features, see: Portal Roles and Permissions

Comments