How access controls adapt to data sources

Data Access adapts access controls to meet the specific requirements of each data source. Thus, the representation of an access control varies by data source.

BigQuery

BigQuery uses the Access Control List (ACL) model, where a user or group is directly assigned to a data object. During the import, ACL entries that have the same data object and role are grouped together. For each such combination of data object and role, an access control is created in Data Access. You can then start organizing these access controls by creating new access controls that are managed in Collibra. Thus, for easier access management, Data Access adds a Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) layer, on top of BigQuery's ACL model.

Example Suppose that, in BigQuery, Gustav and Graham have the Data Viewer role on the Sales Table data object, whereas Meera and Maya have the Data Editor role on the same data object. Then, during import, Data Access groups users who have the same role on the same data object, creating two access controls: Sales Table_Data Viewer and Sales Table_Data Editor.

Snowflake

Snowflake uses the Role-Based Access Control (RBAC) model, where a role is assigned to a user and the user needs to assume the role to access data. A role in Snowflake is imported directly as an access control in Data Access.