The Data-centric organization’s ecosystem depends on multiple, heterogeneous Data provisioning systems. Data access requests in most cases are performed by IT change request systems that follow specific change request process lifecycles. Such a process is time-consuming, labor-intensive, leading to loss of time and productivity and reduced business value as the user must wait for access.
Following business and functional challenges are typically encountered in provisioning access to big-data data sources:
- Lack of a centralized governance platform that controls access to multiple big-data data sources (e.g., Hive, HDFS, HBase, Kafka, Elastic, etc.)
- Non-homogenous data-access sharing methods with different rules, sharing agreements and ownership.
- Lack of clarity for data consumers on access request mechanisms
- Data discovery challenges due to multiple metadata platforms and non-uniform discovery features
- Lack of a uniform and automated dataset checkout mechanism
- Automated security checks on data (e.g., PII, SDE elements) are usually not present during data checkout and provisioning
The Data Access Control – Ranger (DAC) framework, which is built around Lorang Technology’s proprietary Metadata Integration Framework (MIF) addresses above challenges in data access governance and provisioning.
It provides a simplified and effective governance mechanism with automated data-access provisioning by orchestrating data sources (HDFS, Hive, HBase, Kafka, Elastic Search, etc.), role and policy-based access (Collibra) and policy enforcement /access provisioning (Apache Ranger) for reduced manual intervention.
Integration with ServiceNow is also available as an additional package to handle access requests for traditional applications without APIs. The Collibra Data Intelligence platform provides a Catalog of all the Data resources and the capability to request Data access. The policy enforcement /access provisioning (Apache Ranger) determines which enforcement mechanism will be triggered and enforces polices in the target data source automatically with the help of plugins. DAC finds the optimal way to grant access to the systems that provide RESTful services while automatically applying and enforcing policy and security policies that are predefined by the Policy Admin Info Security.
DAC- Ranger Features:
- Provides unified access policy management platform for multiple big-data data sources (HDFS, Hive, HBase, Kafka, Elastic Search, etc.).
- A unified Collibra Operating Model maps to the policy structure of target access control framework (Apache Ranger).
- Detects and synchronizes policy changes between Collibra and target policy frameworks (Apache Ranger) using the respective REST APIs.
- Converts policy formats between Collibra and target policy frameworks.
- Provides auto-notification of access grants.
- Enables inheritance of access tags (PII, PCI, etc.) from the business taxonomy/ data classifications to the physical data elements.
- Provides recommendation of access policies based on toxic combinations of given data sets.
- Streamlines data shopping experience for the user, hiding the complexity of roles, access policies, permissions, etc.
- Seamlessly integrates with the ServiceNow ticketing system.