
Data Zones and Workflow Policies

Data zones are distinct areas in a data lake that serve specific and well-defined purposes.

Data owners and data governors can create data zones based on domains, business functional ownership, or other logical groupings. Some examples of data zones:

  • A data zone to manage customer data under the guardianship of a customer data steward.
  • A data zone to manage finance data assets under the guardianship of a data administrator from the finance organization.

Data zones simplify data access management and relieve IT of the burden of managing policies for the entire enterprise. The administrative function for a data zone can be delegated to specific data owners who have the proper permissions/roles to administer the zone. Administrators can apply selective workflow policies to their data zones.

Planning a Data Zone

You should prepare the following information, which you will need when you create a data zone.

  • Identify the data owners and data governors for the data zone. Make sure these people have been added to Privacera as users.
  • Identify the resources/data sources and applications that should be in the data zone.
  • Decide on a mnemonic name and explanatory description for the data zone.
  • Study the types of data zone policies to determine the kinds of policies you want to enforce in the data zone.

Create Data Zone

To create a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, click +.

    The Add Data Zone dialog is displayed.

  3. Enter the required Data Zone Name.

  4. Enter the Description.

  5. Click Save.

The data zone is created.

Data Zone Fields

The following are the fields on the Data Zone page.

  • Resources: This tab allows you to add the files/folders to be scanned and to which you need to apply a policy. You can filter the list of resources with the search resource option. This tab also displays the record count.

    • Application: The name of an application.

    • Resource: The name of a resource.

    • Actions: Edit or delete the resource from the Actions column.

  • Delegated Admin: A delegated admin has the permission to scan the data zone resources. By default, the delegated admin is privacera. Click the edit icon to change the delegated admin name.

  • Owners: The list of owners with total count. You can filter the owner list using the search resource option.

    • Owner: The name of the owner.

    • Description: The description of the owner.

    • Actions: Edit or delete the owner with the Actions column.

  • Policies: A list of policies, with total count. You can filter the policy list using the search resource option.

    • Policy: The name of the policy.

    • Type: The type of policy. See Data Zone Workflow Policy Fields.

    • Conditions: The conditions pertaining to the policy.

    • Alert Level: The alert levels: High, Medium, or Low.

    • Actions: The actions related to the policy.

    • Enabled: The status of the policy: Enabled or Disabled.

    • Settings: Edit or delete the policy by clicking the respective icon in the Settings column.

  • Tags: This tab displays the tags associated with the data zone. To change the tags, click the edit icon, modify the tags, and then click Save. This tab also displays the record count.

Add Resources

You can add two types of resources to a data zone.

  • Files.

  • Database table names.

To add resources to an existing Data Zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select the Data Zone and click +Add Resource.

    The Add Resource dialog is displayed.

  3. Enter the required Application name.

  4. Enter the Resource name, which is required. You can add * wildcard entries for the table name.

  5. Click Save.

    The File format resource is added.

    Similarly, you can add the Table format resource, i.e., DB Name and Table Name.

  6. Click Save to create the Resource.

Configure Data Zone Policies

Data zone policies are configured to monitor resources in a particular zone/data lake. Alerts can be raised based on restricted users, user groups, subnets, subnet ranges, tags, and restricted zones.

See Data Zone Workflow Policy Fields.

To create a policy for a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select the created data zone and click the Policies tab.

  3. Click +Add Policy.

    The Add Policy dialog is displayed.

  4. Enter the Policy Name, which is required.

  5. Select the Alert Level.

  6. Select the Type of policy, which is required. This will change the Source label as needed. By default, the Disallowed Movement policy is selected.

  7. Enter the Description.

  8. Select the Status of the policy. By default, it is Enable.

  9. Select the required Application.

  10. Click Save.

The policy is created.

Create Tag for Data Zone

To create a tag for a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select an existing data zone and click the Tags tab.

  3. Click Edit and select the Tag(s).

  4. Click Save.

The tags are created.

Edit Data Zone

To edit an existing data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select the data zone to edit and click Edit.

    The Edit Data Zone dialog is displayed.

  3. Enter the Data Zone Name, which is required.

  4. Enter the Description.

  5. Click Save.

The data zone is updated.

Delete Data Zone

To delete a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select the created data zone and click Delete.

    When prompted with the message “Are you sure you want to delete this data zone”, click Yes or No.

  3. Click Yes/No.

The data zone is deleted.

Disable Data Zone

To disable the data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, select the created data zone and toggle the Status button to disable.

    The data zone is disabled.

Similarly, you can enable the data zone using the enable/disable toggle option.

Import Data Zone

To import a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, click the Import icon.

    The Import Data Zone dialog is displayed.

  3. Browse and select the JSON file. Only JSON format is allowed.

  4. Click Import.

The data zone is imported.

Export Data Zone

To export a data zone:

  1. On the Privacera home page, expand the Compliance Workflow menu and click Data Zones from the left menu.

  2. On the Data Zones page, click the Export icon.

  3. Select the Data Zone and click Export.

    The Export Data Zone dialog is displayed with JSON and CSV options.

  4. Select the export file format as per your requirement. By default, JSON format is selected.

  5. Click Export.

The data zone is downloaded to your computer. 

You can filter the data zone list using the Search Data Zone option. Also, the refresh feature allows you to view the updated data zone list.

Data Zone Workflow Policy Fields

Privacera has the following types of data zone workflow policies:

Matrix for Supported File Formats

The following matrix shows the policies and their supported file formats:

| Policies | csv | avro | parquet | json | orc |
|---|---|---|---|---|---|
| Workflow with Encryption | Yes | Yes | Yes | Yes | Yes |
| Workflow without Encryption | Yes | Yes | Yes | Yes | Yes |
| Workflow Expunge | - | - | - | Yes | - |
| De-identification | Yes | Yes | Yes | Yes | Yes |
| RTP | Yes | Yes | Yes | Yes | - |
| Expunge | Yes | Yes | Yes | Yes | - |

Last update: August 9, 2021