Data Access Methods#
Data repositories are connected to PrivaceraCloud by configuring connectors to applications.
PrivaceraCloud uses three different data access methods:
Data Access Server
The appropriate connector method depends on several factors, including the type of data resource and the type and level of control required.
Activation of the corresponding service also creates corresponding resource service and service group in Access Manager: Resource Policies.
A default set of resource policies will be automatically created for each newly created resource service. This will include an all access default policy. Additional policies can be created and defined in Access Manager: Resource Policies.
Data Access Server#
The Data Access Server integration method redirects data access requests to a Privacera data authentication broker inserted into the control and data flow. A maximum of one Data Access Server can be enabled at one time.
A PolicySync integration works by mapping PrivaceraCloud defined Resource Policies to the native access controls functions provided by the target data repository system.
This approach is used for data repository systems providing a sufficient native level of data control.
PrivaceraCloud supports multiple concurrent PolicySync connections but only one PolicySync connector of each data resource type.
Databricks Spark, EMR PrestoDB, and EMR Hive have built-in support for external authentication using Plug-In architecture.
Privacera inserts itself into the Databricks or EMR authentication control flow using a Plug-In module. Authentication for data access requests are directed to the PrivaceraCloud Plugin component by the repository system itself.
This is the most direct and efficient method and is transparent to the data users. Each PrivaceraCloud allows multiple concurrent Plug-In connections. This method is used for:
- EMR: Hive, PrestoDB, PrestoSQL
- EMR Spark: Fine-Grained Access Control
- Databricks (SQL)
- Starburst Enterprise (Presto)
- Qubole: Presto