Overview to PrivaceraCloud
Getting started with PrivaceraCloud is straightforward.
Be sure you have created your first PrivaceraCloud account. See Create a PrivaceraCloud Account.
These steps are done by the account administraor, which is the first account created by your organization.
- Attach data resources to this account.
- Add or import data access users to this account.
- Optionally create, import, or configure an identity provider for portal users, which are those identities allowed to use your account. Portal users are assigned or mapped to Roles, so as to set permissions.
- Define role (RBAC) and attribute (ABAC) based data access policies to restrict or allow access to data resources.
The first time you log into PrivaceraCloud it will run a setup wizard, which will walk though steps (2), (3), and (4). These steps can also be accomplished without the setup wizard.
Establishing access to data resources requires sufficient rights and access to install PrivaceraCloud components and to configure communication between PrivaceraCloud and the installed components.
Connect Data Repositories Without Service Wizard
There are three basic steps to getting started with PrivaceraCloud:
Create a callback id that is unique to your PrivaceraCloud account. This unique key and the callback URLs are created and defined in Settings: Api Key. See Settings: Api Key for setup instructions.
Connect to at least one "Data Source". This will be the data repository to which you will want to control access. As part of this step you will also create a corresponding service, a computing resource to be used for interactions with this Data Source. See Connect Data Sources and the specific instructions for the Datasource you are targeting. There are specific instructions for:
* Connecting your Databricks SQL
* Connecting your S3 Databricks Cluster
* Connecting your EMR (Hive, Presto, or Spark)
* Connecting your MSSQL or Snowflake Repository
Each of these will have a slightly different sequence of instructions and different requirements and steps.
Create and/or Import Data Access Users
Data Access users are identities that will be requesting access to the data repositories. These are managed in Access Manager: Users/Groups/Roles. You can use Users/Groups/Roles to add, remove, or manage data access users. See Access Manager: User/Groups/Roles for more information.
You can also optionally import users, groups, and roles defined in your organization's Active Directory or LDAP server. See Data Access User Synchronization with LDAP or Active Directory ("User Sync") for the user sync attachment process.
Connecting each of these data sources will result in a corresponding Service. Each Service will have a set of Resource Policies. Use Access Manager: Resource Policies to define, manage, and refine specific policies for your data access users.