Skip to content

Data Catalog

Overview

The Data Catalog provides a comprehensive view of all data assets in your organization, enabling users to browse, search, and explore databases, schemas, tables, and columns across all connected data sources. It serves as a centralized metadata repository that facilitates data discovery, understanding, and governance.

Accessing the Data Catalog

To access the Data Catalog:

  1. Navigate to Governance Hub in the left sidebar
  2. Select Data Catalog

The Data Catalog interface displays all data sources that have been configured and are accessible to your account.

Data Catalog Interface

The left panel shows a hierarchical tree view of your data assets:

  • Data Sources: Top-level nodes representing connected systems (e.g., Snowflake, Databricks Unity Catalog)
  • Resource Hierarchy: Each data source displays its resources in a hierarchical structure. The specific resource types depend on the data source and may include databases, schemas, tables, columns, functions, connections, notebooks, volumes, buckets, and other data source-specific resources.

You can expand and collapse nodes to navigate through the hierarchy and select resources to view their details. The exact resource types and hierarchy vary based on the connected data source type.

Search and Filter

Use the search bar at the top of the navigation tree to quickly find specific resources:

  • Enter resource names to filter the tree view
  • Search works across all resource types within the data source
  • Results update dynamically as you type

Resource Details

When you select a resource (such as a table), the main panel displays detailed information organized into tabs:

Overview Tab

The Overview tab provides resource-specific information. The exact content depends on the resource type, but typically includes:

  • Resource Information: Full path, owner, and metadata
  • Structure Details: Resource-specific elements (e.g., columns for tables, functions, connections)
  • Tags: Tags assigned to the resource
  • Security Policies: Masking rules, row filters, and access controls that apply to the resource
  • Search and Filter: Quick filtering capabilities for large resources

Tags Tab

The Tags tab shows all tags applied to the selected resource and its elements. This view provides comprehensive tag information across the resource hierarchy.

Key Information Displayed:

  • Resource: The specific element (column, table, etc.) where the tag is applied
  • Tag Name: Name of the applied tag
  • Attributes: Attribute values configured for the tag (e.g., "sensitivity_level: high", "value: prod")
  • Supported Resource Types: Which resource types the tag can be applied to (e.g., "column", "All Resources")
  • Source: Origin of the tag application (e.g., "Portal", "Discovery")
  • Actions: Available actions like edit or remove tags

Features:

  • Resource Type Filters: Filter tags by resource type (Table, Column, etc.)
  • Search Tags: Quickly find specific tags using the search bar
  • Tag Count: View the total number of tags applied (shown in the tab header)
  • Hierarchy View: See tags applied at different levels (table-level vs column-level)
  • Attribute Details: View configured attribute values for each tag instance
  • Manage Tags: Add, edit, or remove tags directly from this view (with appropriate permissions)

Permissions Tab

The Permissions tab displays detailed access control information for the selected resource and its elements. This comprehensive view shows permissions from both resource-based and tag-based policies, helping you understand who has access and what they can do.

Key Information Displayed:

  • Resource: The specific element (table, column, etc.) covered by the permission
  • ID: Policy ID for reference and tracking
  • Type: Permission type such as:
    • Access: Standard access permissions (SELECT, INSERT, UPDATE, DELETE, etc.)
    • Row Level Filter: Dynamic filtering rules applied to table data
    • Masking: Data masking/anonymization rules applied to columns
  • Permission: Specific actions allowed (SELECT, DELETE, TRUNCATE, REFERENCES, etc.)
  • Affected Parties: Users and groups granted these permissions
  • Policy Rule: Conditions or rules applied (e.g., row filter conditions, masking types)

Policy Types Displayed:

The Permissions tab shows permissions from multiple policy types:

  • Resource-Based Policies: Policies directly assigned to specific resources (databases, schemas, tables, columns)
  • Tag-Based Policies: Policies that apply to resources based on their assigned tags
  • Combined Policies: The effective permissions are shown, combining both resource-based and tag-based policies

Features:

  • Resource Type Filters: Filter permissions by resource type (Table, Column) using checkboxes
  • Search: Quickly find specific policies or users
  • Permission Count: View the total number of permissions (shown in the tab header)
  • Policy Details: Click on policy IDs to view full policy configuration
  • Rule Visibility: See actual policy rules and conditions applied to data:
    • Row filter conditions (e.g., LOCATION = 'Region_A')
    • Masking types (e.g., Mask Type: MASK_HASH, Mask Type: MASK_SHOW_LAST_4)
  • Multi-User View: See all users and groups affected by each policy
  • Comprehensive Coverage: View all permission types (access, filtering, masking) in one place

Permission Types Explained:

  • Access Permissions: Standard database permissions like SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, etc.
  • Row Level Filters: Dynamic filters that limit which rows users can see based on policy conditions
  • Masking Rules: Data obfuscation rules that hide or transform sensitive data (hash, nullify, partial masking, etc.)

This tab provides complete visibility into the effective permissions for the resource, helping users understand their access level and administrators audit security policies.

Working with Tags

The Tags tab in the Data Catalog provides a comprehensive view of all tags applied to a resource and its elements.

Viewing Tag Details

When you open the Tags tab for a resource, you'll see:

Tag Application Hierarchy:

  • Column-Level Tags: Tags applied to individual columns within the resource
  • Resource-Level Tags: Tags applied to the entire resource (e.g., table, view)
  • Inherited Tags: Tags can be inherited from parent resources

Viewing Tags

Tags applied to resources appear as badge labels in the Data Catalog. For example:

  • SENSITIVE - Data requiring protection
  • RESTRICTED - Highly confidential data
  • REGULATED - Data subject to compliance regulations
  • PUBLIC - Publicly accessible data

Applying Tags

To apply tags to resources in the Data Catalog:

Manual Tag Application:

  1. Navigate to the resource you want to tag
  2. Select the resource where you want to add tags
  3. Access tag management options
  4. Choose from existing tags or create new ones
  5. Save the tag assignments

Programmatic Tag Application:

For automated and bulk tag operations, you can use Privacera's REST APIs to:

  • Create tag definitions
  • Register resources in the metadata catalog
  • Apply tags to resources with attribute values
  • Automate tagging workflows

See Programmatic Tag Management APIs for detailed API documentation including endpoints, payloads, and examples.

Tags can be applied at different resource levels depending on the data source. For example:

  • Container Level: Tags apply to databases, or schemas
  • Object Level: Tags apply to tables, views, functions or columns

Understanding Permissions in the Data Catalog

The Permissions tab provides transparency into access control, enabling both end users and administrators to understand the security posture of data resources. The tab displays permissions from both resource-based and tag-based policies, providing a complete view of access control.

Permission Policy Types

The Data Catalog displays permissions from two primary policy types:

Resource-Based Policies:

  • Directly assigned to specific resources (databases, schemas, tables, columns)
  • Explicit permissions on named resources
  • Fine-grained control for specific data assets

Tag-Based Policies:

  • Apply to resources based on their assigned tags
  • Automatically enforce permissions when tags are applied
  • Scalable policy management across many resources

Effective Permissions:

  • The Permissions tab shows the combined result of both policy types
  • Resource-based and tag-based policies work together to determine final access
  • Multiple policies can apply to a single resource

Permission Insights

For End Users:

  • Understand what data you can access and what operations you can perform
  • See if row-level filtering or masking is applied to your queries
  • Identify which policies (resource-based or tag-based) grant you access
  • Check if specific columns have masking rules

For Administrators:

  • Verify that both resource-based and tag-based policies are correctly applied
  • Review row filtering and masking configurations
  • Identify policy overlaps or conflicts between different policy types
  • Track policy IDs for quick policy management
  • Audit the combined effect of multiple policy types on resources

Common Permission Scenarios

Resource-Based Access Policy:

Text Only
1
2
3
4
5
Resource: specific_table_name
Type: Access
Permission: SELECT
Affected Parties: user_group_a, user_group_b
Policy Type: Resource-Based

Tag-Based Access Policy:

Text Only
1
2
3
4
5
Resource: table_with_sensitive_tag
Type: Access
Permission: SELECT
Affected Parties: authorized_users_group
Policy Type: Tag-Based (applies to resources tagged with SENSITIVE)

Row-Level Filtering (can be resource-based or tag-based):

Text Only
1
2
3
4
5
Resource: table_name
Type: Row Level Filter
Permission: SELECT
Affected Parties: regional_users
Policy Rule: (REGION = 'North_America')

Column Masking (can be resource-based or tag-based):

Text Only
1
2
3
4
5
Resource: sensitive_column
Type: Masking
Permission: SELECT
Affected Parties: analysts_group
Policy Rule: Mask Type: MASK_HASH

Row-Level Filtering

The Data Catalog displays when row-level filtering is active on a table. Row filters can be applied through either resource-based or tag-based policies:

  • ROW FILTER: Applied indicator shows active filters

  • Click to view filter details and conditions

  • See which policies (resource-based or tag-based) are applying row filters
  • Understand the filtering logic and affected columns
  • View whether the filter comes from a direct resource policy or a tag-based policy

Row Filter Sources:

  • Resource-Based: Filters directly configured for the specific table
  • Tag-Based: Filters that apply because the table has certain tags
  • Combined: Multiple filters from both policy types may apply

For more information on row-level filtering, see:

Data Discovery Workflow

Exploring Data Assets

  1. Browse: Use the navigation tree to explore data sources hierarchically
  2. Search: Use the search functionality to find specific resources
  3. Inspect: Select resources to view detailed metadata and structure
  4. Understand: Review tags and classifications to understand data sensitivity
  5. Access: Check permissions to understand your access level

Data Catalog Features

Resource Metadata

For each resource, the Data Catalog provides:

  • Name and Path: Full qualified name and location
  • Owner: The user or role that owns the resource
  • Resource Details: Structure, properties, and attributes specific to the resource type (e.g., columns and data types for tables, parameters for functions)

Tag Integration

The Data Catalog seamlessly integrates with Privacera's tagging system:

  • Tags defined in Tags and Metadata appear in the catalog
  • Tag-based policies automatically apply based on catalog metadata
  • Changes to tags in the catalog reflect in access policies
  • Centralized tag governance ensures consistency

Permission Visibility

Users can see their effective permissions on each resource from both policy types:

  • View granted access levels from resource-based and tag-based policies
  • Understand restrictions and conditions
  • Identify masking or filtering rules that apply
  • See the policies that govern access