Challenge

The velocity of digital business growth poses a significant challenge for data security teams and data owners. Moving from data silos to data collaboration requires enterprises to consistently and continuously protect data resources across different databases and data lakes at a fine-grained level (e.g. row, column, cell data level).

Solution

Apply dynamic, fine-grained authorization to control access to data, down to the cell level. The PlainID Authorization Platform provides centralized management of access to data with distributed enforcement for specific database and data lake technologies.

Types of Data Authorizers

Choose deployment methods that work for your enterprise to enforce data access control. PlainID accommodates specific enterprise architectures for data access with Authorizers for data services, for data gateways, and as a network proxy.

Architecture flow

  • The user logs in to the application, Business Intelligence (BI), or Analytics tool
  • The application/tool sends an authentication request to the IdP
  • The application/tool requests access to the data through a PlainID Authorizer, deployed as one of the following:
    – Data Service (as a sidecar)
    – Data Gateway (as a plugin)
    – PlainID Authorizer (as a network proxy)
  • The Authorizer queries the PDP for a dynamically calculated authorization resolution
  • The response is translated to a data filtering clause and a list of authorized data elements, which are used to modify the original data query
  • The original query is modified based on the authorization resolution resulting
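
The last steps of this flow, sketched as an added example (this is not PlainID code): an authorization resolution is applied to a query by dropping unauthorized columns and AND-ing a row filter onto the caller's own WHERE clause. The resolution shape, the function name `rewrite_query`, and the `accounts` table are assumptions made for illustration.

```python
import sqlite3

ALLOWED_OPS = {"=", "!=", "<", "<=", ">", ">="}

def rewrite_query(table, columns, where, params, resolution):
    """Restrict a SELECT to the columns and rows the resolution authorizes."""
    # Assumed resolution shape (hypothetical, not PlainID's wire format):
    # {"columns": [...], "row_filter": [(column, operator, value), ...]}
    if "row_filter" not in resolution:
        raise PermissionError("no row filter in resolution")  # fail closed
    cols = [c for c in columns if c in resolution.get("columns", [])]
    if not cols:
        raise PermissionError("no authorized columns requested")
    # 'where' is the application's own parameterized clause, kept intact.
    clauses, bound = ([f"({where})"] if where else []), list(params)
    for col, op, value in resolution["row_filter"]:
        if op not in ALLOWED_OPS or not col.isidentifier():
            raise ValueError("malformed authorization filter")
        clauses.append(f"{col} {op} ?")  # value is bound, never inlined
        bound.append(value)
    sql = f"SELECT {', '.join(cols)} FROM {table}"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, bound

def demo():
    # Constructed sample data; the ssn and owner columns are not authorized.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(id INTEGER, region TEXT, owner TEXT, balance REAL, ssn TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?, ?)", [
        (1, "EU", "alice", 100.0, "000-00-0001"),
        (2, "US", "bob", 250.0, "000-00-0002"),
        (3, "EU", "carol", 75.0, "000-00-0003"),
    ])
    resolution = {"columns": ["id", "region", "balance"],
                  "row_filter": [("region", "=", "EU")]}
    sql, params = rewrite_query("accounts", ["id", "owner", "balance", "ssn"],
                                "balance > ?", [50], resolution)
    return sql, params, sorted(db.execute(sql, params).fetchall())

if __name__ == "__main__":
    print(demo())
```

The rewrite fails closed: a resolution with no row filter key, or a request that asks only for unauthorized columns, raises instead of running the original query.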