The DAC-GCP (Data Access Control – Google Cloud Platform) Accelerator integrates the governance capability of Collibra with the big-data ecosystem of GCP-BigQuery and with related access management services such as IAM and Google Groups, in order to automate and control access granting and data provisioning through Collibra.
The following business and functional challenges are normally encountered when provisioning access to big-data sources like GCP-BigQuery:
- Lack of a centralized governance platform that combines business level governance with data provisioning
- Governance of metadata, harvesting from other sources into GCP-BigQuery
- Lack of clarity for data consumers on access request mechanisms
- Data discovery challenges due to multiple metadata platforms and non-uniform discovery features
- Lack of a uniform and automated dataset checkout mechanism
- Metadata enrichment and governance are not accessible out of the box in the GCP-BigQuery environment
The GCP Data Access Control (DAC) framework, which is built around Lorang Technology’s proprietary Metadata Integration Framework (MIF), addresses the above challenges in data access governance and provisioning of GCP BigQuery resources.
It provides a simplified and effective Collibra-based governance mechanism with automated data-access provisioning. It does so by orchestrating the GCP-BigQuery data source, role- and policy-based access (Collibra), and policy enforcement / access provisioning (using GCP IAM) with reduced manual intervention.
Integration with ServiceNow is also available to handle manual access requests. The Collibra Data Intelligence platform provides a catalog of all the data resources and the capability to request data access. The policy enforcement / access provisioning component determines which enforcement mechanism is triggered based on the sensitivity of the data (toxic combinations, PII, etc.) and enforces policies in the target GCP-BigQuery data source automatically, with the help of the Java-based DAC service. DAC-GCP finds the optimal way to grant access to the BigQuery data sources while automatically applying and enforcing the access and security policies that are pre-defined by the Policy Admin in Collibra.
- Provides a unified access policy management platform for GCP-BigQuery data sources
- A unified Collibra Operating Model maps to the policy structure of the target access control framework (includes BigQuery, GCP IAM, Google Groups)
- Detects and synchronizes policy changes between Collibra and GCP-BigQuery using the respective REST APIs
- Converts policy formats between Collibra and GCP-BigQuery
- Provides auto-notification of access grants
- Enables inheritance of access tags (PII, PCI, etc.) from the business taxonomy / data classifications to the physical data elements
- Recommends access policies based on toxic combinations of given data sets
- Streamlines the data shopping experience for the user, hiding the complexity of roles, access policies, permissions, etc.
- Seamlessly integrates with the ServiceNow ticketing system