    Data Access Control At Source

      Use case: a data virtualization layer connected to several underlying data sources, providing downstream users with virtualized data via data services. The downstream users must be authenticated via an enterprise centralized identity management service and receive an auth token. The user then uses this token to ask for virtualized data. The virtualization layer then passes this token to the underlying data sources and lets the data sources determine whether the user has access to the requested data or not. The underlying data sources are integrated with the centralized enterprise federated identity management service.


      I am wondering if Informatica has such a tool to allow data access control to be enforced in the data sources rather than in the enterprise data virtualization layer? If so, would you mind pointing me to the right product and the right documentation, please?



      I would greatly appreciate it if you could provide some guidance.




        • 1. Re: Data Access Control At Source
          Hi Goris,


          You can take a look at the Dynamic Data Masking features: Introduction to Dynamic Data Masking

          It may cover your needs.


          Kind regards,


          • 2. Re: Data Access Control At Source
            Thanks Lluis,


            This looks interesting and kind of what I am looking for. Now my question is how DDM integrates with, let's say, PowerCenter or Enterprise Data Preparation. And specifically I want to understand how, let's say, the JWT token of the end user (an EDP user, for example, who consumes prepared data) would travel through EDP->DDM and be validated by DDM. In my case, the token has to be generated by a centralized ID management service, then EDP or PowerCenter passes the token through to DDM and lets DDM decide how to deal with access control. Is such a thing possible? Are EDP or PowerCenter integrable with DDM? The key part is that the token needs to be passed through EDP down to DDM. Is this possible with EDP or any other Informatica virtualization product?


            Also, I'd like to know which databases I can use DDM with. Are all kinds of databases supported? How about the ones in Hadoop? Object data stores like S3? How about Kafka? ...


            I am quite new to the Informatica Platform, so sorry if my questions are sometimes basic.


            Thanks again for the response.


            • 3. Re: Data Access Control At Source
              Hi Goris,


              I'm not an expert on DDM, so I can't answer in detail what you are asking.


              As far as I know, when using DDM you put an additional layer between the database and the clients.

              So, all client queries go through DDM instead of going straight to the database.

              DDM will check the query and the user who sent it and, depending on the level of authorization, it will show real or masked data.


              Maybe you should consider moving this post to the 'Data Centric Security' group. There you will find real experts on that matter.


              Regarding the databases supported, see attached the latest compatibility matrix for DDM.

              Here you will find the full documentation set: https://docs.informatica.com/data-security-group/dynamic-data-masking/9-9-1.html


              Hope that helps.
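
The pattern discussed in this thread (a token from the central identity service passed through the virtualization layer and checked again at the data source, which then returns real or masked values) can be sketched as follows. This is an added example, not part of the thread and not Informatica code or DDM's API; the key, audience, scope and column names are hypothetical, and HS256 with a shared demo key stands in for the identity service's signature so the sketch runs offline.

```python
import base64, hashlib, hmac, json, time

# Assumption: HS256 with a shared demo key stands in for the identity service's
# signature; a real deployment would verify an asymmetric signature against the
# identity provider's published keys so data sources cannot mint tokens.
IDP_KEY = b"constructed-demo-key"
AUDIENCE = "orders-db"       # hypothetical identifier of this data source
MASKED_COLUMNS = {"ssn"}     # hypothetical sensitive column

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(claims, key=IDP_KEY):
    """Stand-in for the central identity service (constructed tokens only)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body, key))}"

def verify_token(token, now=None):
    """Data-source side: re-verify the token, do not trust the middle layer."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin alg, reject "none"
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(sign(head, body, IDP_KEY), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        if claims.get("aud") != AUDIENCE:                 # token meant for us?
            raise ValueError("wrong audience")
        if claims.get("exp", 0) <= (now or time.time()):
            raise ValueError("expired")
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    return claims

def read_row(token, row, now=None):
    """Return real or masked values depending on the caller's scopes."""
    scopes = set(verify_token(token, now).get("scope", "").split())
    if "orders:read" not in scopes:
        raise PermissionError("no read access")
    unmask = "orders:unmask" in scopes
    return {k: v if unmask or k not in MASKED_COLUMNS else "***" for k, v in row.items()}
```

Because the data source verifies the signature, audience and expiry itself, a virtualization layer that alters the claims in transit cannot widen the user's access.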