Identities

In Data Access, an account represents a user in your underlying data source, for example, a user in Snowflake, a service account in BigQuery, or a user in Okta. This user can be a human or a machine (service account). This is different from a user in Collibra.

An identity is a consolidated profile in Data Access that unifies a user's multiple accounts across different data sources into a single entity. Typically, an identity represents a single physical person or service. In Data Access, access is granted to identities.

Identities are used as beneficiaries in access controls to define who gets access to data. By mapping different accounts belonging to the same individual, an identity allows you to use a single profile as the beneficiary in an access control, granting them access across multiple data sources simultaneously.

How accounts are mapped

When a new account is pulled into Data Access, it is automatically mapped to an existing identity if the email address of the account matches that of the identity. If no match is found, a new identity is created. While email matching is the default behavior, you can also manually move an account to a different or new identity.

Example If you have accounts in Databricks, Snowflake, and Collibra with the same email address, the three accounts are mapped to one identity. However, if you use a different email address for each account, the three accounts are mapped to three separate identities.

Collibra users as identities

Identities in Data Access also include Collibra users. This ensures that if a Collibra user has any data source accounts, they are linked to the appropriate identity through email matching. This means that if a Collibra user requests access to a Snowflake table in Data Access, the access is granted to the related Snowflake account that the user has.