Data Guardiuum - Security & Policy

A modern Data Lakehouse solution with an open and unified data processing platform for data lakes and data warehouses.

This section covers:

  1. Configure Data Source
  2. User management
  3. Access Policy - Column level, Row Filter and Masking

Data Source

This guide explains how to configure external data sources in Guardiuum. The tool supports various types of data sources while presenting a PostgreSQL-compliant interface to external consumers.

Connectors supported as of now:

Google BigQuery

Databricks

Object Storage such as S3 and ABFS (Datalake)

Hive

MariaDB

MongoDB

MySQL

Postgres

Presto

Starburst

Trino

Redshift

Snowflake

Salesforce (Enterprise Products)

Prerequisites

Before configuring a new data source, ensure you have:

Administrative access to the Query Gateway

Connection details for your data source:

Network connectivity between:

Data Source Dashboard

[Image: Data Source Dashboard]

Data Source Configuration

[Image: Data Source Configuration]

Browse Catalog

[Image: Browse Catalog]

Upcoming Connectors

Athena

AzureSQL

Clickhouse

Couchbase

DB2

Delta Lake

Druid

DynamoDB

Greenplum

Impala

Mssql

Oracle

PinotDB

SAP HANA and many more.

You can also tell us which connectors you would like to see in this list. Please raise an issue in the current GitHub repository.

User Management

An admin can create users by following the steps below:

  1. Select User Management
  2. Click on [+ Users]
  3. Enter username, email and role to access the platform

[Image: User Management]

Access Policy

Guardiuum supports:

  1. Access Control
  2. Masking
  3. Row-level filtering

Access Control

Access Control Policy Configuration

By default, all users start with no data access permissions. Explicit policies must be configured to grant query execution rights. The interface is modeled after Apache Ranger but offers enhanced options and capabilities.

Access policies can be defined at multiple levels:

To create a new policy:

  1. Navigate to Security Policies
  2. Click the [+ Policy] button

This hierarchical approach allows you to start with broad permissions at the catalog level and refine them down to specific columns as needed.

The example below shows a user allowed to run DDL and DQL queries against the table "studentPsql.guardiuum.studentmarks". However, a global deny condition on access to PII columns has been applied to the "studentPsql" catalog and its respective namespaces and tables.

[Image: access policy example]
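A simplified model of the evaluation described above (default deny, a table-level allow, a catalog-wide deny on PII columns), as an added example that is not Guardiuum's own code or API. The user names, the column names and the rule that a matching deny overrides a matching allow are assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Policy:
    effect: str        # "allow" or "deny"
    users: tuple       # user names; "*" means every user
    resources: tuple   # catalog.schema.table.column patterns, "*" is a wildcard
    actions: tuple     # query classes, e.g. "DDL", "DQL"

    def matches(self, user, resource, action):
        return (("*" in self.users or user in self.users)
                and action in self.actions
                and any(fnmatchcase(resource, r) for r in self.resources))

def is_allowed(policies, user, resource, action):
    """Default deny: no matching policy means no access.
    Assumption: a matching deny overrides any matching allow."""
    hits = [p for p in policies if p.matches(user, resource, action)]
    if any(p.effect == "deny" for p in hits):
        return False
    return any(p.effect == "allow" for p in hits)

def blocked_columns(policies, user, table, columns, action="DQL"):
    """Columns of `table` the user may not touch; empty list = query may run."""
    return [c for c in columns
            if not is_allowed(policies, user, f"{table}.{c}", action)]

# Constructed sample policies mirroring the page's example. The user "alice"
# and the column names "email", "phone", "marks" are assumptions.
POLICIES = [
    Policy("allow", ("alice",), ("studentPsql.guardiuum.studentmarks.*",),
           ("DDL", "DQL")),
    Policy("deny", ("*",), ("studentPsql.*.*.email", "studentPsql.*.*.phone"),
           ("DDL", "DQL")),
]

if __name__ == "__main__":
    table = "studentPsql.guardiuum.studentmarks"
    for user in ("alice", "bob"):
        print(user, blocked_columns(POLICIES, user, table, ["marks", "email"]))
```

A user with no policy at all ("bob" here) is blocked on every column, which is the behavior to confirm first when testing a new deployment.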

The example below illustrates column masking (hashing) applied to a column.

[Image: column masking example]