Skip to content

User Guide - Governance Hub

Governance Hub Overview

Privacera's Governance Hub provides a centralized platform for managing metadata, tags, and data catalog operations across your data ecosystem. It enables organizations to maintain consistent data governance practices, ensuring data quality, discoverability, and compliance.

The Governance Hub brings together key governance capabilities:

  • Data Catalog: Browse and explore your data assets with an intuitive interface that provides visibility into databases, schemas, tables, and columns across all connected data sources.
  • Tags and Metadata Management: Create, manage, and apply tags to classify and organize data assets, enabling efficient data discovery and policy enforcement.

Key Capabilities

Centralized Catalog

The Data Catalog provides a unified view of all your data assets, allowing users to:

  • Browse data resources across multiple data sources and platforms
  • View detailed metadata including schemas, tables, columns, and data types

Tag Governance

The Tags and Metadata management capability enables:

  • Creation and management of reusable tags and classifications
  • Definition of custom attributes with specific data types and validation rules
  • Application of tags to data assets for classification and policy enforcement
  • Tag-based access control integration with Access Management policies
  • Attribute definitions with required fields and helper text for consistency
  • Support for resource-specific tags and global tags across all resources
  • Programmatic Tag Management: REST APIs for automated tag creation, resource registration, and tag application

Getting Started with Governance Hub

The Governance Hub is organized into two main sections:

Data Catalog

Access and explore your data assets through an intuitive catalog interface. The Data Catalog provides:

  • Hierarchical navigation through data sources, databases, schemas, and tables
  • Detailed resource views with columns, tags, and permission information
  • Search and filtering capabilities for quick data discovery
  • Tag assignment and management at the resource level
  • Row-level filtering and Masking rule details.

Tags and Metadata

Manage tags, classifications, and metadata attributes that can be applied across your data ecosystem. This includes:

  • Creating and editing tag definitions
  • Defining attribute schemas with data types and validation rules
  • Managing supported resource types for each tag
  • Configuring required vs. optional attributes
  • Setting up helper text and validation rules

Integration with Access Management

The Governance Hub works seamlessly with Privacera's Access Management features to provide:

  • Tag-Based Access Control (TBAC): Apply access policies based on tags assigned to data assets
  • Resource-Based Access Control (RBAC): Define granular access policies for specific resources (databases, schemas, tables, columns)
  • Unified Policy Management: Combine resource-based and tag-based policies for flexible, scalable access control
  • Metadata-Driven Policies: Use metadata tag attributes in Privacera policy conditions for dynamic access control
  • Centralized Governance: Manage both data classification and access control from a single platform

Advanced Tag-Based Policy Features

The Governance Hub supports advanced policy capabilities that leverage tags for sophisticated access control:

Tag-Based Row-Level Filtering (RLF) Policies

Apply dynamic row-level filtering based on tags assigned to resources and their attributes. Tag-based RLF policies enable:

  • Dynamic Filtering: Automatically filter rows based on tag attributes without hardcoding values
  • Scalable Policies: Apply a single policy to multiple resources based on tag assignments
  • Attribute-Driven Logic: Use tag attributes in filter conditions for flexible access control

See Tag-Based Row-Level Filtering for detailed information.

RLF OR Merging

When multiple row-level filtering policies apply to the same resource, Privacera supports OR merging to combine filter conditions:

  • Multiple Policy Support: Apply multiple RLF policies to the same table
  • OR Logic: Combine filters using OR logic so users see rows matching any policy
  • Flexible Access: Enable different user groups to access different subsets of data

For more details, see Tag-Based Row-Level Filtering - Policy Merging.

Omni-Specific Tag Macros

Privacera OMNI provides powerful dynamic tag macros for creating flexible, maintainable policies:

  • TAG_GET_CHILD_RES: Find column names dynamically based on tags instead of hardcoding column names
  • GET_CHILD_TAG_ATTR: Retrieve tag attribute values from child resources for use in policy expressions
  • Dynamic Policy Logic: Create policies that adapt automatically when tags are added or modified

OMNI Requirement

These dynamic tag macros are specific to Privacera OMNI and require MetadataTagEnricher to be configured in the appropriate connectors. They are not supported by Apache Ranger itself.

For detailed documentation on tag macros, see Dynamic Tag Macros for RLF Policies.

Next Steps