Skip to main content

Privacera Platform master publication

Data zones and workflow policies

:

Data zones are distinct areas in a data lake that serve specific and well-defined purposes.

Data owners and data governors can create data zones based on domains, business functional ownership, or other logical groupings. Some examples of data zones:

  • A data zone to manage customer data under the guardianship of a customer data steward.

  • A data zone to manage finance data assets under the guardianship of a data administrator from the finance organization.

Data zones simplify data access management and relieve IT of the burden of managing policies for the entire enterprise. The administrative function for a data zone can be delegated to specific data owners who have the proper permissions/roles to administer the zone. Administrators can apply selective workflow policies to their data zones.

Planning a data zone

Before you create a data zone, you should:

  • Identify the data owners and data governors for the data zone. Make sure these people have been added to Privacera as users.

  • Identify the resources, data sources and applications that should be included in the data zone.

  • Decide on a useful name and explanatory description for the data zone

  • Study the types of data zone policies to determine the kinds of policies you want to enforce in the data zone.

Create a data zone

To create a data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. In the Data Zones page, click +.

    The Add Data Zone dialog is displayed.

  3. In the Data Zone Name field, enter a name for the data zone.

  4. In the Description field, enter a description (optional).

  5. Click Save.

    The data zone is created.

About the Data Zones page

The Data Zones page displays information about your data zones. This information is displayed in five different tabs:

  • Resources: This tab allows you to add files and folders for scanning so that you can apply policy to them. You can filter the list of resources using the search bar. The Resources tab displays the following information:

    • Application: The name of an application.

    • Resource: The name of a resource.

    • Re-evaluate: Allows you to re-validate resource files. Before selecting Re-evaluate , the resource file must already be scanned. This option is only available in the Right to Privacy policy and Expunge policies because these policies do not work with real-time and offline scans.

    • Actions: Allows you to edit or delete a resource.

  • Delegated Admin: A delegated admin has permission to scan data zone resources. By default, the delegated admin is privacera. Click the edit icon to change the delegated admin name.

  • Owners: A list of owners. You can filter the list using the search bar. The Owners tab displays the following information:

    • Owner: The name of the owner.

    • Description: The description of the owner.

    • Actions: Allows you to edit or delete an owner.

  • Policies: A list of policies. You can filter the policy list using the search bar. The Policies tab displays the following information:

    • Policy: The name of the policy.

    • Type: The type of policy. See Data Zone Workflow Policy Fields

    • Conditions: The conditions pertaining to the policy.

    • Alert Level: The alert levels: High, Medium, or Low.

    • Actions: The actions related to policy.

    • Enabled: The status of policy: Enabled or Disabled.

    • Settings: This allows you to edit the policy as well as you can delete the policy on clicking on respective icon under Settings column.

  • Tags: This tab displays the tags associated with the data zone. You can modify the tags by clicking the Edit.

Add resources

You can add two types of resources to a data zone:

  • Files

  • Database table names

To add resources to an existing data zone, do the following:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. Select a data zone from the Data Zones menu and click ADD RESOURCE.

    The Add Resource dialog is displayed.

  3. Select an application from the Application dropdown menu (required).

  4. In the Resource field, enter a resource name.

    Note

    You can add * wildcard entries for the table name.

  5. Click Save.

    The File Format resource is added.

    Note

    Similarly, you can add the Table format resource. i.e. DB Name and Table Name.

  6. Click Save to create the Resource.

Configure data zone policies

Data zone policies are configured to monitor resources in a particular data zone or data lake. Alerts can be raised based on restricted users, user groups, subnets, subnet-range, tags, and restricted zones.

See Data Zone Workflow Policy Fields

To create a policy for data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. In the Data Zones page, select the data zone and click the Policies tab.

  3. Click Add Policy.

    The Add Policy dialog is displayed.

  4. In the Name field, enter a name for the policy (required).

  5. Select an alert level from the Alert Level dropdown menu.

  6. Select a policy type from the Type dropdown menu (required).

    Note

    This will change the Source label as needed. By default, Disallowed Movement policy is selected.

  7. Enter a description into the Description field.

  8. Using the Status toggle, set the status of the policy. By default, it is set to Enable.

  9. Select the required Application.

  10. Click Save.

    The policy is created.

Create tags for data zones

To create a tag for data zone, do the following:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. In the Data Zones page, select an existing data zone and click the Tags tab.

  3. Click Edit and select the Tag(s).

  4. Select the tag(s) from the Tags dropdown menu.

  5. Click Save.

The tags are created.

Edit data zones

To edit an existing data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. In the Data Zones page, select the data zone to edit and click Edit.

    The Edit Data Zone dialog is displayed.

  3. In the Data Zone Name field, enter a name for the data zone (required).

  4. In the Description field, enter description of the data zone.

  5. Click Save.

The data zone is updated.

Delete data zones

To delete a data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. On the Data Zones page, select the created data zone and click Delete.

    The Confirm Delete dialog displays.

  3. Click Delete.

    The data zone is deleted.

Disable data zones

To disable a data zone, do the following:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. On the Data Zones page, select the created data zone disable it using the Status toggle.

    The data zone is disabled.

Enable data zones

To enable a data zone, do the following:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. On the Data Zones page, select the created data zone and enable it using the Status toggle.

    The data zone is enabled.

Import data zones

To import a data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. In the Data Zones page, click the Import icon.

    The Import Data Zone dialog is displayed.

  3. Browse and select the JSON file you want to import.

    Note

    Only JSON format is allowed.

  4. Click Import.

    The data zone is imported.

Export data zones

To export a data zone, follow these steps:

  1. From the navigation menu, select Compliance Workflow > Data Zones.

  2. On the Data Zones page, click the Export icon.

  3. Select the Data Zone(s) you want to export and click Export.

    The Export Data Zone dialog displays.

  4. Select either JSON or CSV as the export format.

  5. Click Export.

    The data zone is downloaded to your computer.

You can filter the data zone list using the Search Data Zone option. Also, the refresh feature allows you to view the updated datazone list.

Compliance Workflow Policies

Privacera has the following types of Compliance Workflow policies:

Note

If you want to use encryption for Compliance Workflow policies (i.e., De-Identification, Right to Privacy, and Workflow Encryption), you have to add the privacera_service_discovery user. See Add Discovery User for Encryption Service.

Note

The following Compliance Workflow policies are not supported on the GCP platform:

  • Workflow Policy

  • De-identification Policy

  • Right to Privacy Policy

  • Expunge Policy

  • Workflow Expunge Policy

Supported file formats by policy type

The following table shows the supported file formats for each policy type.

Policies

csv

avro

parquet

json

orc

Workflow with Encryption

Yes

Yes

Yes

Yes

Yes

Workflow without Encryption

Yes

Yes

Yes

Yes

Yes

Workflow Expunge

-

-

-

Yes

-

De-identification

Yes

Yes

Yes

Yes

Yes

RTP

Yes

Yes

Yes

Yes

-

Expunge

Yes

Yes

Yes

Yes

-