How access controls adapt to data sources

Data Access adapts access controls to meet the specific requirements of each data source. Thus, the representation of an access control varies by data source.

AWS Lake Formation

AWS provides several mechanisms to manage and secure resources, including IAM Policies, IAM Roles, S3 Access Points, and CloudFormation. Data Access converts each of these into an access control.

BigQuery

BigQuery uses the Access Control List (ACL) model, where a user or group is directly assigned to a data object. During import, ACL entries that have the same data object and role are grouped together. For each such combination of data object and role, an access control is created in Data Access. You can then start organizing these access controls by creating new access controls managed in Collibra.
Thus, for easier access management, Data Access adds a role-based or attribute-based access control layer on top of BigQuery's ACL.

Example: Suppose that, in BigQuery, Elton and Emma have the DataViewer role on the SalesTable data object, while Claire and Kiran have the DataEditor role on the same data object. Then, during import, Data Access groups users who have the same role on the same data object, creating two access controls: SalesTable_DataViewer and SalesTable_DataEditor.
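The grouping described above can be sketched in a few lines of Python. This is an added illustration, not Collibra's code: the entry layout, the function names and the `<object>_<role>` naming (taken from the example's SalesTable_DataViewer) are assumptions. It also builds a per-user view, which helps when reviewing what an import produced.

```python
from collections import defaultdict

# Constructed sample ACL entries as (data object, role, principal). They mirror
# the SalesTable example, plus one duplicate entry and a hypothetical HrTable.
ACL_ENTRIES = [
    ("SalesTable", "DataViewer", "Elton"),
    ("SalesTable", "DataViewer", "Emma"),
    ("SalesTable", "DataEditor", "Claire"),
    ("SalesTable", "DataEditor", "Kiran"),
    ("SalesTable", "DataViewer", "Emma"),   # duplicate, must not be counted twice
    ("HrTable", "DataViewer", "Claire"),
]


def group_acl_entries(entries):
    """Collapse ACL entries into one access control per (data object, role)."""
    grouped = defaultdict(set)
    for data_object, role, principal in entries:
        grouped[(data_object, role)].add(principal)

    controls = {}
    for (data_object, role), principals in sorted(grouped.items()):
        name = f"{data_object}_{role}"  # naming assumed from the page's example
        controls[name] = {
            "data_object": data_object,
            "role": role,
            "principals": sorted(principals),
        }
    return controls


def controls_by_principal(controls):
    """Invert the grouping: which access controls does each principal appear in?"""
    index = defaultdict(list)
    for name, control in controls.items():
        for principal in control["principals"]:
            index[principal].append(name)
    return {principal: sorted(names) for principal, names in index.items()}


if __name__ == "__main__":
    imported = group_acl_entries(ACL_ENTRIES)
    for name, control in imported.items():
        print(name, "->", ", ".join(control["principals"]))
    for principal, names in sorted(controls_by_principal(imported).items()):
        print(principal, "is in", names)
```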

Snowflake

Snowflake uses the Role-Based Access Control (RBAC) model, where a role is assigned to a user and the user needs to assume the role to access data. A role in Snowflake is imported directly as an access control in Data Access.